Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities.
Our transition to Kentro in 2025 reflects a rich legacy built upon the foundation of IT Concepts. Rather than leaving ITC behind, we confidently embrace a future centered around the Core of More. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.
Kentro is hiring a skilled DevSecOps Lead to join our team. The successful candidate will be a dynamic leader who will drive the implementation of DevSecOps practices across the organization, mentoring and empowering engineering teams to adopt best practices. They will excel in defining comprehensive strategies, automating workflows, and ensuring secure, efficient, and scalable infrastructure through collaboration, continuous learning, and strong security and compliance oversight.
Responsibilities:
Leadership and Mentorship:
- Lead the implementation of DevSecOps practices across the organization.
- Mentor DevSecOps engineers, providing guidance, support, and professional development opportunities.
- Foster a culture of collaboration, knowledge sharing, and continuous learning.
Strategy and Adoption:
- Define a comprehensive DevSecOps strategy that aligns with the company's security and business objectives.
- Champion the adoption of automation tools and processes to enhance efficiency and security.
- Establish and enforce best practices across the software development lifecycle (SDLC).
Maintenance and Support:
- Monitor system performance and troubleshoot issues.
- Perform system upgrades and maintenance tasks.
Automation and Optimization:
- Automate infrastructure tasks using scripting languages (e.g., Python, Bash) and automation tools (e.g., AWS CDK, AWS Lambda, Terraform).
- Lead the full adoption of CI/CD, leveraging technologies such as GitHub Actions, Jenkins, AWS CodeDeploy, CodePipeline, and CodeBuild.
- Ability to design and build ETL data pipelines for data processing and analysis, utilizing AWS native tools and visualization platforms such as Tableau.
- Optimize system performance and resource utilization, implementing cost-effective and efficient infrastructure solutions.
Testing and Quality Assurance:
- Design and implement automated testing frameworks to ensure software quality and performance throughout the CI/CD pipeline.
Version Control and Configuration Management:
- Manage and enforce software versioning control (via GitHub and AWS CodeCommit) to ensure seamless collaboration and version integrity across development efforts.
- Leverage configuration management tools to automate infrastructure provisioning and configuration.
Virtualization and Containerization:
- Drive the adoption of containerization technologies (e.g., ECS, EKS, Docker, Kubernetes) for efficient, portable application deployments.
- Utilize virtualization technologies to create scalable, isolated environments for development and testing.
Security and Monitoring:
- Design and implement automated security testing, vulnerability scanning (SAST & DAST), and compliance checks.
- Continuously monitor applications and cloud services for security vulnerabilities and compliance risks.
Incident Response and Remediation:
- Develop incident response plans for security incidents.
- Perform threat modeling and risk assessments to identify and mitigate potential security issues.
- Conduct post-mortem analysis to identify root causes and improve security posture.
Collaboration and Communication:
- Work closely with engineers, data scientists, and solutions architects.
- Provide training and guidance to the development teams on secure coding practices and security tools.
- Communicate effectively with stakeholders on security risks and mitigation strategies.
Compliance and Governance:
- Develop account management governance policies to ensure secure user access, role-based permissions, and compliance with industry standards across cloud and on-premise environments.
- Maintain documentation, conduct audits, and stay updated on trends, vulnerabilities, and regulatory requirements.
Location: Hybrid in McLean, VA
Requirements:
- Bachelor's degree in Computer Science, Engineering, or a related field. A master's degree in a relevant field is preferred.
- 7+ years of progressive experience in DevSecOps, DevOps, or a related role within a technical environment, including experience leading and mentoring DevSecOps engineers.
- Demonstrated experience in designing, implementing, and managing CI/CD pipelines and automated testing frameworks.
- Proven expertise in automating infrastructure and security tasks in cloud environments.
- Extensive experience with cloud platforms (e.g., AWS, Azure) and their security best practices.
- Proficiency in scripting languages (Python, Bash) and automation tools (e.g., Jenkins, GitHub Actions).
- Skilled in infrastructure deployment and management using IaC tools (e.g., AWS CloudFormation, Terraform).
- Proficient in automating infrastructure tasks with AWS services (e.g., AWS CDK, AWS Systems Manager, Lambda Functions, EventBridge).
- Experience with containerization technologies (e.g., Amazon ECS and EKS) and their secure integration into CI/CD pipelines.
- Ability to design and implement automated testing frameworks for CI/CD pipeline quality and performance, including unit, smoke, and regression testing.
- Expertise in automated security testing, vulnerability scanning, and continuous monitoring for security and compliance (e.g., AWS Inspector, AWS GuardDuty, AWS Security Hub, SonarQube).
- Familiarity with web technologies (e.g., HTTP, REST, API security) and database management (e.g., MySQL, PostgreSQL, MongoDB) to ensure data security and integrity in cloud and hybrid environments.
- Knowledge of account management governance, user access control, and regulatory compliance across cloud/on-prem environments, leveraging AWS services (e.g., AWS IAM, AWS Organizations, AWS Artifact).
- Skilled in version control (e.g., Git) and configuration management (e.g., AWS OpsWorks, AWS Systems Manager).
- Experience optimizing system performance and resource utilization using cloud services (e.g., EC2, S3, Auto Scaling).
- Excellent analytical, problem-solving, and troubleshooting abilities.
- Ability to work collaboratively in a team-oriented environment and drive initiatives to completion.
- Proactive approach to identifying and addressing security challenges.
Preferred Skills:
- Familiarity with software development methodologies (e.g., Agile, Waterfall).
- Experience utilizing virtualization technologies (e.g., VMware, Hyper-V).
- Experience implementing web application security (e.g., WAF, AWS Shield) and database security practices (e.g., encryption, IAM for RDS, Aurora, and DynamoDB).
- Experience in developing incident response plans, performing threat modeling, and conducting post-mortem analysis using AWS CloudTrail, AWS Config, and AWS CloudWatch.
- AWS certifications (e.g., DevOps Engineer, Solutions Architect).
- Knowledge of requirements of the various compliance frameworks such as NIST 800-53, CMMC 2.0, etc.
Clearance:
- US Citizenship required; the ability to obtain a security clearance may be required.
Benefits:
The Company: We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let's solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork, dedication, and excellence.
We hold three ISO certifications (27001:2013, 20000-1:2011, 9001:2015) and two CMMI ML 3 ratings (DEV and SVC).
Industry Recognition:
Growth: Inc 5000's Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C.
Culture: Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner - Mid-Size Companies, Companies Owned by People of Color; Department of Labor's HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation Corporate Breath Award
Benefits: We offer a competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more. We invest in our employees - Every employee is eligible for education reimbursement for certifications, degrees .