DevSecOps Engineer SME

Everforth ECS is seeking a DevSecOps Engineer SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War’s (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

This role will architect, operate, and optimize advanced DevSecOps pipelines that deliver WDP Core Integration across NIPRNet, SIPRNet, and JWICS, ensuring mission alignment and operational resilience.
Architects, operates, and optimizes advanced DevSecOps pipelines supporting WDP Core Integration enterprise delivery across NIPRNet, SIPRNet, and JWICS for Department of War missions, Combatant Command elements, Joint Staff analysts, and Senior Executive Service leadership.

• Designs core pipeline architectures, cross-domain artifact flow patterns, and security tool integrations using GitLab, Jenkins, SonarQube, Nexus, Harbor, Kubernetes, Terraform, and container orchestration platforms.
• Leads continuous development of pipeline architecture, authors detailed process documentation, and coordinates extensively with software engineering, cybersecurity, and platform infrastructure teams to maintain mission alignment and operational resilience.
• Acts as the primary escalation point for complex pipeline failures, zero-day vulnerability triage, and classification boundary issues affecting multi-network delivery.
• Maintains expert-level mastery of continuous integration tooling, static and dynamic security scanning platforms, software composition analysis systems, secret management frameworks, and compliance automation capabilities used across the WDP Core Integration ecosystem.
• Authors technical standards including pipeline YAML and domain-specific DSL, policy-as-code modules, artifact signing procedures, and automated authorization workflows governing software factory operations.
• Pilots advanced security-as-code techniques such as policy-driven guardrails, automated risk scoring, and cross-domain validation prototypes within controlled lab environments prior to production adoption.
• Integrates scanning, software bill of materials generation, compliance validation, and automated security gates using Anchore, Trivy, OpenSCAP, and Sysdig to maintain vulnerability reduction and configuration discipline.
• Monitors pipeline performance indicators—including success rates, deployment frequency, restoration times, defect recurrence, and integration stability—to identify reliability risks and accelerate delivery velocity.
• Produces technical assessments, architecture updates, optimization recommendations, and leadership reports that strengthen automation coverage, operational readiness, and mission execution across the WDP Core Integration enterprise.
• Performs other duties as assigned.

• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• IAT III‑level security certifications (CompTIA CASP+ CE, ISC² CISSP or Associate, GIAC GCED, GIAC GCIH, or Cisco CCNP Security).
• Minimum 12 years of experience designing, implementing, and maintaining enterprise‑scale DevSecOps pipelines across multi‑domain and classified environments.
• Proven expertise in integrating CI/CD tools such as GitLab, Jenkins, SonarQube, Nexus, Harbor, Kubernetes, and Terraform with security‑as‑code frameworks.
• Demonstrated ability to lead cross‑functional teams, author process documentation, and provide escalation for complex pipeline failures and vulnerability triage.
• Strong problem‑solving and decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end‑users to executive management).