Senior DevSecOps Architect

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

This contract role, Senior DevSecOps Architect, supports a large federal agency by embedding security into every stage of the software delivery lifecycle and protecting cloud-native and AI-native applications within a large-scale CI/CD environment. You will design, implement, and operate a robust, self-healing DevSecOps ecosystem, leveraging AI/ML for automated threat detection, optimized code reviews, and security automation, while integrating SAST/DAST/SCA/secret scanning into GitHub Actions, GitLab CI, or Jenkins; building on Kubernetes and Terraform/Pulumi across AWS, Azure, or GCP; implementing Policy as Code with Open Policy Agent (OPA); and strengthening observability using eBPF, Prometheus, and tools such as Dynatrace or Datadog. This role requires seasoned DevSecOps leadership, hands-on technical depth, and strong communication and planning skills to balance rapid delivery with uncompromising security. It's a high-impact opportunity to shape secure software delivery and AI security within a major federal agency.

This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required.
If hired, all work related to this role must be performed within the continental U.S.

Responsibilities:
- Lead the evolution of the software delivery lifecycle by embedding security into every stage of CI/CD
- Architect and maintain automated CI/CD pipelines using AI/ML for SAST/DAST to detect complex vulnerabilities
- Design security frameworks for the end-to-end AI lifecycle, including data ingestion security and model protection
- Implement guardrail architectures for Large Language Models (LLMs) and AI-native applications
- Develop AI-driven orchestration (SOAR) to automate triage and remediation of security findings
- Implement Policy as Code governance using Open Policy Agent (OPA) to enforce compliance across multi-cloud environments
- Integrate SAST, DAST, SCA, and secret scanning into GitHub Actions, GitLab CI, or Jenkins pipelines
- Conduct advanced threat modeling for cloud-native applications, including AI-specific attack vectors (e.g., model inversion, data poisoning)
- Create self-service security tools and Golden Paths to enable secure developer workflows with minimal friction
- Establish and enhance observability for security and reliability using eBPF, Prometheus, and logging/monitoring platforms (e.g., Dynatrace or Datadog)

Requirements:
- 10+ years of IT experience
- 5+ years dedicated to DevSecOps leadership in high-scale environments
- Expert-level experience with Kubernetes
- Expert-level experience with Terraform or Pulumi
- Hands-on experience with at least one major cloud platform: AWS, Azure, or GCP
- Mastery integrating SAST, DAST, SCA, and secret scanning into CI/CD (GitHub Actions, GitLab CI, or Jenkins)
- Hands-on experience securing MLOps pipelines and AI-integrated APIs
- Proficiency in Python, Go, or Bash for security automation and scripting
- Deep knowledge of eBPF and Prometheus for observability in modern environments
- Strong ability to communicate and align DevOps speed with security rigor, including with executive leadership

Skill(s):
- DevSecOps architecture and secure SDLC leadership
- AI/ML-driven security automation and threat detection
- CI/CD pipeline engineering and security controls implementation
- Cloud-native security for Kubernetes-based platforms
- Policy as Code and automated compliance enforcement
- Threat modeling for cloud-native and AI-specific attack vectors
- Building developer self-service security tooling and secure Golden Paths
- Incident triage and remediation automation (SOAR concepts)
- Cross-team collaboration, planning, and clear stakeholder communication

Benefits:
- Insurance – health, dental, and vision
- Paid Time Off (PTO) and 11 Federal Holidays
- 401(k) employer match