DevSecOps Lead
McLean, Virginia, United States
Full Time | Senior-level / Expert | Clearance required | USD 63K - 147K * est.
IT Concepts, Inc
Kentro is dedicated to delivering innovative and effective solutions to our clients in an evolving technological landscape. We prioritize collaboration, creativity, and cutting-edge engineering practices to ensure our teams produce high-quality results. As we continue to expand our capabilities, we are looking for talented individuals to join us in making a meaningful impact.
We are looking for a skilled DevSecOps Lead to join our team. The successful candidate will be a dynamic leader who will drive the implementation of DevSecOps practices across the organization, mentoring and empowering engineering teams to adopt best practices. They will excel in defining comprehensive strategies, automating workflows, and ensuring secure, efficient, and scalable infrastructure through collaboration, continuous learning, and strong security and compliance oversight.
Responsibilities:
Leadership and Mentorship:
- Lead the implementation of DevSecOps practices across the organization.
- Mentor DevSecOps engineers, providing guidance, support, and professional development opportunities.
- Foster a culture of collaboration, knowledge sharing, and continuous learning.
Strategy and Adoption:
- Define a comprehensive DevSecOps strategy that aligns with the company's security and business objectives.
- Champion the adoption of automation tools and processes to enhance efficiency and security.
- Establish and enforce best practices across the software development lifecycle (SDLC).
Maintenance and Support:
- Monitor system performance and troubleshoot issues.
- Perform system upgrades and maintenance tasks.
Automation and Optimization:
- Automate infrastructure tasks using scripting languages (e.g., Python, Bash) and automation tools (e.g., AWS CDK, AWS Lambda, Terraform).
- Lead the full adoption of CI/CD, leveraging technologies such as GitHub Actions, Jenkins, AWS CodeDeploy, CodePipeline, and CodeBuild.
- Design and build ETL data pipelines for data processing and analysis, utilizing AWS native tools and visualization platforms such as Tableau.
- Optimize system performance and resource utilization, implementing cost-effective and efficient infrastructure solutions.
Testing and Quality Assurance:
- Design and implement automated testing frameworks to ensure software quality and performance throughout the CI/CD pipeline.
Version Control and Configuration Management:
- Manage and enforce software versioning control (via GitHub and AWS CodeCommit) to ensure seamless collaboration and version integrity across development efforts.
- Leverage configuration management tools to automate infrastructure provisioning and configuration.
Virtualization and Containerization:
- Drive the adoption of containerization technologies (e.g., ECS, EKS, Docker, Kubernetes) for efficient, portable application deployments.
- Utilize virtualization technologies to create scalable, isolated environments for development and testing.
Security and Monitoring:
- Design and implement automated security testing, vulnerability scanning (SAST & DAST), and compliance checks.
- Continuously monitor applications and cloud services for security vulnerabilities and compliance risks.
Incident Response and Remediation:
- Develop incident response plans for security incidents.
- Perform threat modeling and risk assessments to identify and mitigate potential security issues.
- Conduct post-mortem analysis to identify root causes and improve security posture.
Collaboration and Communication:
- Work closely with engineers, data scientists, and solutions architects.
- Provide training and guidance to the development teams on secure coding practices and security tools.
- Communicate effectively with stakeholders on security risks and mitigation strategies.
Compliance and Governance:
- Develop account management governance policies to ensure secure user access, role-based permissions, and compliance with industry standards across cloud and on-premise environments.
- Maintain documentation, conduct audits, and stay updated on trends, vulnerabilities, and regulatory requirements.
Location: Hybrid in McLean, VA
Requirements
- Bachelor's degree in Computer Science, Engineering, or a related field. A master's degree in a relevant field is preferred.
- 7+ years of progressive experience in DevSecOps, DevOps, or a related role within a technical environment, including experience leading and mentoring DevSecOps engineers.
- Demonstrated experience in designing, implementing, and managing CI/CD pipelines and automated testing frameworks.
- Proven expertise in automating infrastructure and security tasks in cloud environments.
- Extensive experience with cloud platforms (e.g., AWS, Azure) and their security best practices.
- Proficiency in scripting languages (Python, Bash) and automation tools (e.g., Jenkins, GitHub Actions).
- Skilled in infrastructure deployment and management using IaC tools (e.g., AWS CloudFormation, Terraform).
- Proficient in automating infrastructure tasks with AWS services (e.g., AWS CDK, AWS Systems Manager, Lambda Functions, EventBridge).
- Experience with containerization technologies (e.g., Amazon ECS and EKS) and their secure integration into CI/CD pipelines.
- Ability to design and implement automated testing frameworks for CI/CD pipeline quality and performance, including unit, smoke, and regression testing.
- Expertise in automated security testing, vulnerability scanning, and continuous monitoring for security and compliance (e.g., AWS Inspector, AWS GuardDuty, AWS Security Hub, SonarQube).
- Familiarity with web technologies (e.g., HTTP, REST, API security) and database management (e.g., MySQL, PostgreSQL, MongoDB) to ensure data security and integrity in cloud and hybrid environments.
- Knowledge of account management governance, user access control, and regulatory compliance across cloud/on-prem environments, leveraging tools such as AWS IAM, AWS Organizations, and AWS Artifact.
- Skilled in version control (e.g., Git) and configuration management (e.g., AWS OpsWorks, AWS Systems Manager).
- Experience optimizing system performance and resource utilization using cloud services (e.g., EC2, S3, Auto Scaling).
- Excellent analytical, problem-solving, and troubleshooting abilities.
- Ability to work collaboratively in a team-oriented environment and drive initiatives to completion.
- Proactive approach to identifying and addressing security challenges.
Preferred Skills:
- Familiarity with software development methodologies (e.g., Agile, Waterfall).
- Experience utilizing virtualization technologies (e.g., VMware, Hyper-V).
- Experience implementing web application security (e.g., WAF, AWS Shield) and database security practices (e.g., encryption, IAM for RDS, Aurora, and DynamoDB).
- Experience in developing incident response plans, performing threat modeling, and conducting post-mortem analysis using AWS CloudTrail, AWS Config, and AWS CloudWatch.
- AWS certifications (e.g., DevOps Engineer, Solutions Architect).
- Knowledge of requirements of the various compliance frameworks such as NIST 800-53, CMMC 2.0, etc.
Clearance:
- US Citizenship required; the ability to obtain a security clearance may be required.
Benefits
The Company
We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let’s solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork, dedication, and excellence.
We hold three ISO certifications (27001:2013, 20000-1:2011, 9001:2015) and two CMMI ML 3 ratings (DEV and SVC).
Industry Recognition
Growth | Inc 5000’s Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C.
Culture | Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner – Mid-Size Companies, Companies Owned by People of Color; Department of Labor’s HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation Corporate Breath Award
Benefits
We offer a competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more. We invest in our employees: every employee is eligible for education reimbursement for certifications, degrees, or professional development. Reimbursement amounts may fluctuate due to IRS limitations. We want you to grow as an expert and a leader, and we offer flexibility for you to take a course, complete a certification, or pursue other professional growth and networking. We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
We work hard; we play hard. Kentro is committed to incorporating fun into every day. We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations. In alignment with our commitment to our communities, we also host and attend charity galas/events. We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.
Commitment to Equal Opportunity Employment & VEVRAA
Kentro is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state or local law.
Kentro is strongly committed to compliance with VEVRAA and other applicable federal, state, and local laws governing equal employment opportunity. We have developed comprehensive policies and procedures to ensure our hiring practices align with these requirements.
As part of our VEVRAA compliance efforts, Kentro has established an equal opportunity plan outlining our commitment to recruiting, hiring, and advancing protected veterans. This plan is regularly reviewed and updated to ensure its effectiveness.
We encourage protected veterans to self-identify during the application process. This information is strictly confidential and will only be used for reporting and compliance purposes as required by law. Providing this information is voluntary and will not impact your employment eligibility.
Our commitment to equal employment opportunity extends beyond legal compliance. We are dedicated to fostering an inclusive workplace where all employees, including protected veterans, are treated with dignity, respect, and fairness.
How to Apply
To apply to Kentro positions, please click on the “Apply for this Job” button at the bottom of this Job Description or the “Application” button at the top. Please upload your resume and complete all the application steps. You must submit the application for Kentro to consider you for a position. If you need alternative application methods, please email careers@kentro.us and request assistance.
Accommodations
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. If you need to discuss reasonable accommodations, please email careers@kentro.us.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security Audits Automation AWS Azure Bash C CI/CD Clearance Cloud CMMC Compliance Computer Science DAST DevOps DevSecOps Docker DynamoDB EC2 Encryption GitHub Governance Hyper-V IAM Incident response Jenkins Kubernetes Lambda MongoDB Monitoring MySQL NIST NIST 800-53 PostgreSQL Python REST API Risk assessment S3 SAST Scripting SDLC Security Clearance SonarQube Strategy Terraform VMware Vulnerabilities
Perks/benefits: 401(k) matching Career development Fitness / gym Startup environment Team events Wellness