Black Duck Software is hiring a Senior Staff DevOps Engineer to join our FedRAMP DevOps Platform Team. You will define and drive the technical vision for our FedRAMP-authorized cloud platform, enabling our expansion into the federal market. Your work will architect compliance-first infrastructure serving 500+ engineers while maintaining government security standards and accelerating our path to Authority to Operate (ATO).
What You'll Do
- Define and architect the end-to-end FedRAMP-compliant cloud platform strategy, leveraging accelerators to achieve initial ATO within 12-18 months while establishing a foundation for continuous authorization and scalability.
- Lead initial FedRAMP authorization from architecture through ATO: drive SSP authoring, NIST 800-53 control implementations, 3PAO coordination, and readiness assessment.
- Architect secure, scalable platform infrastructure including CI/CD pipelines, Kubernetes environments, developer portal (Backstage), observability systems, and compliance automation.
- Establish security and compliance architecture patterns across encryption, network segmentation, secrets management, supply chain security, and incident response.
- Drive technical decisions and technology selection for government cloud platforms, compliance tooling, and security controls.
- Mentor and raise the technical bar across engineering teams through architecture reviews, design discussions, and establishing FedRAMP best practices.
- Partner with security, product, and business leadership to translate federal customer requirements into technical architecture and manage compliance risk.
What We're Looking For
- U.S. citizenship required (FedRAMP and government customer requirements).
- BS in Computer Science or related field, or equivalent experience.
- 10+ years in SRE, DevOps, or Platform Engineering with demonstrated technical leadership across teams.
- Proven experience designing and achieving FedRAMP ATO (High or Moderate), including SSP authoring, NIST 800-53 control implementation, and 3PAO coordination.
- Expert-level architecture experience on government cloud platforms (AWS GovCloud, Azure Government, or GCP for Government) with deep understanding of compliance requirements.
- Expertise in modern platform technologies: Kubernetes security, infrastructure-as-code (Terraform), GitOps (ArgoCD/Flux), CI/CD security, observability systems, and secrets management.
- Strong programming skills (Go, Python, or Node.js) and demonstrated ability to drive complex technical initiatives from architecture through production.
Nice to Have
- Experience leading multiple FedRAMP authorizations from architecture through ATO with a track record of reducing time-to-authorization.
- Experience with FedRAMP accelerators (stackArmor, Coalfire).
- Professional certifications: CISSP, AWS/Azure/GCP Security Specialty, CKS, GIAC, or equivalent.
- Experience with DoD environments (IL4/IL5), CMMC, compliance-as-code practices (OSCAL), and automated compliance documentation.
- Advanced degree in Computer Science or related field, or equivalent experience architecting secure, compliant platforms at scale.
Technical Stack
- Kubernetes
- Terraform
- ArgoCD/Flux
- Go, Python, Node.js
- AWS GovCloud, Azure Government, GCP for Government
Team & Environment
You will be a key technical leader and mentor within the FedRAMP DevOps Platform Team, responsible for building organizational competency in compliance-aware development.
Benefits & Compensation
- Compensation Range: $130,900—$196,400 USD
Black Duck Software considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. We also provide reasonable accommodation to individuals with a disability in accordance with applicable laws.





