DevSecOps Cybersecurity Architect

ILS Inc. is seeking an experienced Development Security and Operations (DevSecOps) Cybersecurity Architect to drive the secure design, development, and deployment of enterprise IT systems for a federal program. This role is critical in integrating security into every stage of the software development lifecycle (SDLC) and DevOps pipeline, ensuring compliance with federal cybersecurity requirements (NIST 800-53, FedRAMP). This position requires on-site presence two days per week at our Fairfax, VA headquarters.

MUST BE LOCAL TO DC METRO AREA (hybrid support - 2 days in ILS HQ office, located in Fairfax, VA 22033).

Must be able to be W2 employee; no C2C.

• Develop a comprehensive roadmap and implementation plan for achieving Continuous Authorization to Operate (cATO), including integration with DevSecOps pipelines and compliance processes.
• Architect and develop secure DevSecOps practices, embedding security into CI/CD pipelines and development workflows.
• Design and maintain cybersecurity architecture strategies aligned with federal and program security objectives.
• Collaborate with development, operations, and security teams to design automation-driven security controls across application and infrastructure layers.
• Evaluate, recommend, and implement tools that enhance the organization’s security posture
• Serve as the primary security point of contact for assigned federal information systems throughout the DevSecOps Life Cycle.
• Ensure compliance with NIST 800-53, FedRAMP, and agency-specific cybersecurity frameworks.
• Implement tools and processes for supply chain management such as SBOM management, container security and scanning.
• Coordinate with system owners, engineers, developers, and external stakeholders to implement security controls and remediation strategies.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• 5+ years of cybersecurity or information security experience, with hands-on experience in secure software development or DevSecOps.
• Strong knowledge of NIST SP 800-53, FedRAMP, and RMF processes.
• Experience with containerization and cloud-native security (Docker, Kubernetes/EKS, ECS/Fargate).
• Familiarity with security automation and scanning tools (e.g., Snyk, Twistlock, SonarQube, Nessus, Qualys).
• Experience preparing and maintaining ATO packages and supporting Continuous Monitoring (ConMon).
• Excellent technical documentation, communication, and leadership skills

Preferred Skills

• Professional certifications such as CISSP, CISM, CAP, or Security+.
• Experience using eMASS, CSAM, or other compliance management platforms.
• Understanding of cloud security controls in AWS, Azure, or GCP environments.
• Strong background in supply chain security, SBOM management, and zero-trust architecture.
• Experience supporting federal applications and mission-critical environments.