Black Duck · 14 hours ago
DevOps Engineer, Sr Staff (FedRAMP)
Black Duck Software, Inc. is a leader in application security testing, helping organizations build secure, high-quality software. As a Senior Staff Engineer in the FedRAMP DevOps Platform Team, you will define the technical vision for a FedRAMP-authorized cloud platform, ensuring compliance with government security standards and accelerating the path to ATO.
Cyber Security, Open Source, Software
Responsibilities
Define and architect the end-to-end FedRAMP-compliant cloud platform strategy, leveraging accelerators to achieve initial ATO within 12-18 months while establishing a foundation for continuous authorization and multi-year scalability
Lead initial FedRAMP authorization from architecture through ATO: drive SSP authoring, NIST 800-53 control implementations, 3PAO coordination, and readiness assessment while establishing repeatable processes that reduce future authorization cycles by 40%
Architect secure, scalable platform infrastructure including CI/CD pipelines, Kubernetes environments, developer portal (Backstage), observability systems, and compliance automation that enables developer velocity while maintaining continuous compliance posture
Establish security and compliance architecture patterns across encryption, network segmentation, secrets management, supply chain security, and incident response that become organizational standards and reduce security review cycles
Drive technical decisions and technology selection for government cloud platforms, compliance tooling, and security controls; influence product roadmap to balance federal requirements with commercial product needs
Mentor and raise the technical bar across engineering teams through architecture reviews, design discussions, and establishing FedRAMP best practices; build organizational competency in compliance-aware development
Partner with security, product, and business leadership to translate federal customer requirements into technical architecture, manage compliance risk, and deliver measurable improvements in security posture and operational efficiency
Qualification
Required
U.S. citizenship required (FedRAMP and government customer requirements)
BS in Computer Science or related field, or equivalent experience
10+ years in SRE, DevOps, or Platform Engineering with demonstrated technical leadership across teams
Proven experience designing and achieving FedRAMP ATO (High or Moderate), including SSP authoring, NIST 800-53 control implementation, architecture documentation, and 3PAO coordination
Expert-level architecture experience on government cloud platforms (AWS GovCloud, Azure Government, or GCP for Government) with deep understanding of compliance requirements, networking, and security boundaries
Expertise in modern platform technologies: Kubernetes security, infrastructure-as-code (Terraform), GitOps (ArgoCD/Flux), CI/CD security, observability systems, and secrets management
Strong programming skills (Go, Python, or Node.js) and demonstrated ability to drive complex technical initiatives from architecture through production
Preferred
Experience leading multiple FedRAMP authorizations from architecture through ATO with track record of reducing time-to-authorization and establishing repeatable processes
Experience with FedRAMP accelerators (Stack Armor, Coalfire) and demonstrated ability to adapt frameworks while maintaining architectural integrity
Professional certifications: CISSP, AWS/Azure/GCP Security Specialty, CKS, GIAC, or equivalent
Experience with DoD environments (IL4/IL5), CMMC, compliance-as-code practices (OSCAL), and automated compliance documentation
Advanced degree in Computer Science or related field, or equivalent experience architecting secure, compliant platforms at scale
Company
Black Duck
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world.
Funding
Current Stage: Late Stage
Total Funding: $82.5M
Key Investors: N47, General Catalyst, Split Rock Partners
2024-10-01: Private Equity
2024-05-06: Acquired
2016-07-18: Series Unknown
Company data provided by crunchbase