Lead DevSecOps & Compliance Engineer jobs in United States

Pioneering Evolution, LLC · 14 hours ago

Lead DevSecOps & Compliance Engineer

Pioneering Evolution, LLC is seeking a Lead DevSecOps & Compliance Engineer who will be responsible for embedding security and compliance automation across the software delivery lifecycle. This role involves defining and enforcing security policies, hardening deployment processes, and ensuring compliance with federal mandates while collaborating with various engineering teams.

Consulting, IT Infrastructure, Software
Growth Opportunities
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Design, implement, and maintain secure Azure infrastructure in production, including AKS and Mission Landing Zones (MLZs)
Operate AKS securely (upgrades, node pools, ingress, RBAC/Entra ID integration, network policies, and observability)
Implement and enforce MLZ/landing zone guardrails (management groups, Azure Policy, hub-and-spoke networking, private networking patterns, and identity integration)
Integrate and enforce security scanning within CI/CD pipelines (SAST, DAST, SCA, SBOM generation)
Implement gated releases and release verification, including artifact integrity and provenance controls (e.g., signing/attestation where applicable)
Standardize secure build and deployment patterns for containerized workloads deployed to AKS (e.g., Helm and/or GitOps)
Harden containers and Kubernetes workloads using least privilege and defense-in-depth (Pod Security Standards, admission controls, secure baselines)
Define runtime policy enforcement using tools such as OPA/Gatekeeper and Azure-native controls (Azure Policy for Kubernetes where applicable)
Establish secure patterns for service-to-service communication and identity aligned to Zero Trust principles
Establish and maintain secure secrets management using Azure Key Vault (including access policies/RBAC, rotation patterns, and operational safeguards)
Enforce least-privilege access and secure authentication patterns (OAuth2, OIDC, JWT) across platform services and automation
Map technical controls to federal frameworks (e.g., NIST 800-53, FedRAMP, FIAR/NDAA as applicable) and drive continuous evidence generation
Define and enforce policy-as-code and compliance-as-code standards using Terraform and/or Azure-native policy tooling
Support audit readiness reviews and produce control evidence artifacts (automated where possible)
Implement vulnerability detection and remediation workflows (CVE/CVSS triage, prioritization, SLA tracking, and reporting)
Centralize logging and monitoring using Azure Monitor / Log Analytics, including retention, alerting, and traceability for audit evidence
Collaborate with engineering teams to remediate findings and reduce recurrence through standards and automation
Collaborate with the Technical Lead (Enterprise Technical Authority) and Program/Project Manager to define security priorities, operational standards, and delivery guardrails
Mentor engineering and platform teams on secure development practices, compliance alignment, and operational excellence

Qualification

Azure infrastructure, AKS operations, Compliance frameworks, Security automation, Policy-as-code, CI/CD security, Secrets management, Vulnerability management, Mentorship, Collaboration, Communication

Required

Demonstrated experience implementing and maintaining Azure infrastructure in production, including AKS and Mission Landing Zones (MLZs)
Strong AKS operations experience: upgrades, node pools, ingress, RBAC/Entra ID, policy enforcement, and observability
MLZ/landing zone governance: management groups, Azure Policy, hub-and-spoke networking, identity integration, and private networking patterns
Experience securing and operating Azure Database for PostgreSQL Flexible Server (networking/private access, backups/restore, HA, and hardening)
Experience deploying and securing RabbitMQ (TLS, access control, monitoring/alerting, and operational maintenance)
7+ years of experience in DevSecOps, cloud security, infrastructure security, or platform security for production systems
Hands-on experience with CI/CD pipeline security (e.g., GitHub Actions, GitLab CI/CD, Bitbucket Pipelines) and automated security testing (SAST/DAST/SCA/SBOM)
Hands-on experience with Azure security foundations, including: Entra ID, VNets/NSGs, Private Link, Key Vault, and Azure Monitor/Log Analytics
Proven experience mapping technical controls to federal compliance frameworks (e.g., NIST 800-53, FedRAMP; plus FIAR/NDAA where applicable)
Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or a related technical field
CISSP, CISM, or equivalent senior-level cybersecurity certification

Preferred

Policy-as-code frameworks and admission controls (OPA/Gatekeeper, Azure Policy for Kubernetes, Sentinel)
Secure software supply chain tooling (e.g., Sigstore/Cosign, in-toto, provenance/attestation)
Cloud-native security tooling and posture management: Azure (Defender for Cloud, Azure Policy, Azure Monitor); AWS, desired (AWS Config, GuardDuty, Inspector)
Observability platforms and practices: OpenTelemetry, Prometheus, ELK/Splunk, alerting and SLOs
Experience operating secure AWS infrastructure and workloads, including: ECS, CloudWatch, IAM, VPC, Secrets Manager (and related security controls/patterns)
Familiarity with multi-cloud governance approaches and translating controls across Azure and AWS
Infrastructure-as-code beyond Terraform (Azure Bicep) and secure module patterns
Azure networking fundamentals (NSGs, route tables, hub-and-spoke, firewall/egress/ingress patterns)
Experience with AI/ML security practices or secure metadata handling for model pipelines
Strong understanding of Zero Trust architectures and service-to-service identity enforcement

Benefits

Paid time off
10 paid holidays
Medical insurance
Dental insurance
Vision insurance
Legal assistance
Company-paid life insurance and AD&D
Company-paid long term and short-term disability insurance
Tuition reimbursement
401(k) plan with company contribution
Continuing Education Opportunities

Company

Pioneering Evolution, LLC

Pioneering Evolution, LLC is a Service Disabled Veteran Owned Small Business (SDVOSB), specializing in management consulting services and software development, headquartered just outside Washington, D.C.

Funding

Current Stage
Growth Stage

Leadership Team

Kenneth Michaud
Managing Partner
Company data provided by crunchbase