DevSecOps Manager

Posted: 2026-05-21 · NextgenID · Roanoke, VA
Description:

Location: Onsite – Fairfax, VA · U.S. Citizen Required (ITAR / Government Customer Requirements)

Type: Full Time

Job description

NextgenID is hiring an on-site, hands-on DevSecOps Manager to lead the security and platform operations for multi-cloud services running across AWS, Azure, and Google Cloud, managing a global network of identity verification stations.

This is a player/coach role: you will lead daily execution while setting the security and delivery standards required for SOC 2 (12–18 months) and FedRAMP Moderate. The role has a defined growth path to Director/VP based on performance, operating maturity, and leadership impact.

Role Fit & Non-Negotiables
  • Onsite in Fairfax, VA — remote is not available.
  • U.S. citizen required due to ITAR and government customer obligations.
  • Comfortable operating as an incident leader when needed, with primary operational hours generally 8am–7pm EST.
  • Hands-on ownership of security posture and DevOps/platform execution — this is not a policy-only or advisory role.
What You'll Own (90–180 Day Outcomes)
  • Establish an audit-ready Secure SDLC and begin the transition from Azure DevOps (ADO) to GitHub, aligned with FedRAMP expectations.
  • Implement pragmatic CI/CD controls: SAST/SCA, secrets scanning, infrastructure-as-code scanning, environment protections, and evidence capture.
  • Harden multi-cloud identity and access: federation/SSO, least privilege, break-glass, and periodic access reviews.
  • Improve detection and response using Elastic; mature vulnerability management using Qualys with SLAs, dashboards, and exception governance.
  • Strengthen Windows fleet security using our custom command center: patching strategy, rollout rings/canary, rollback, remote isolate, baseline hardening, and telemetry coverage.
  • Stand up a repeatable operating cadence: standups, change control, incident review, postmortems, and measurable reliability/security KPIs.
Key Responsibilities

Security Leadership (Hands-On)

  • Own threat modeling and security architecture across edge, cloud, and SDLC.
  • Lead incident response end-to-end (triage, containment, eradication, recovery, postmortem).
  • Drive identity, encryption/key management, logging, detection engineering, and secure configuration baselines.

DevOps / Platform Engineering (Hands-On)

  • Own CI/CD pipelines and release governance across Kubernetes and VM-based workloads.
  • Define and enforce golden paths (templates, approved patterns, environment promotion, rollback) that accelerate delivery while improving security.
  • Select and standardize infrastructure-as-code approach (Terraform/CloudFormation/Bicep/Pulumi) and implement policy guardrails.

Compliance Execution (SOC 2 & FedRAMP Moderate)

  • Translate compliance requirements into engineering deliverables (controls, automation, evidence, continuous monitoring).
  • Partner with GRC to prepare audit-ready artifacts without creating manual, high-friction processes.
  • Create operational runbooks and control evidence that meet assessor scrutiny (NIST 800-53 mindset).

People Leadership (Player/Coach)

  • Lead and mentor a small SOC/NOC and DevOps team, with clear priorities and accountability.
  • Create a culture of high standards: measurable goals, calm execution under pressure, and continuous improvement.
  • Hire and scale the team as the platform and compliance program grow.
Required Qualifications
  • 7+ years in Security Engineering, DevOps, Platform/SRE, or equivalent roles with direct production ownership.
  • Demonstrated experience building and operating secure CI/CD and release governance; experience with Azure DevOps and/or GitHub Actions.
  • Strong cloud security fundamentals and hands-on delivery experience in at least two of AWS/Azure/GCP (multi-cloud preferred).
  • Practical Windows security experience; ability to harden and operate Windows 10/11 environments at scale (IoT/embedded a plus).
  • Incident response leadership experience (performed as incident commander or equivalent).
  • Hands-on experience with SIEM/telemetry operations (Elastic preferred) and vulnerability management (Qualys preferred).
  • Proven ability to lead, mentor, and build a small team; able to set standards without becoming a bottleneck.
  • Must be able to work onsite in Fairfax, VA; U.S. citizen.
Preferred Qualifications
  • FedRAMP Moderate experience (NIST 800-53 controls, SSP support, continuous monitoring, assessor engagement) and/or SOC 2 readiness delivery.
  • Kubernetes security experience (RBAC, admission control, network policy, image policy, workload identity) plus VM hardening experience.
  • Software supply chain maturity: SBOM, signed artifacts/provenance, dependency governance, runner hardening, secretless authentication (OIDC).
  • Device fleet operations: staged rollouts, canary rings, rollback safety, remote isolation, and resilience under intermittent connectivity.
  • PKI/credential management exposure: certificate lifecycle (issue/renew/revoke), CRL/OCSP concepts, HSM/KMS custody patterns, and separation of duties.
Signals We Look For
  • You can explain how you prevent CI/CD credential theft and guarantee artifact integrity (OIDC/short-lived creds, signing/provenance, environment protections).
  • You have led real incidents and can describe decisions, containment steps, and postmortem-driven improvements — not just tool lists.
  • You think in terms of guardrails and golden paths: standardization that increases velocity while improving security and reliability.
  • You can operate across Windows edge realities (physical exposure, patching/rings, remote isolate) and cloud control planes.
What Success Looks Like
  • Security controls are implemented as automated guardrails, not manual gates; delivery speed improves while risk decreases.
  • Incidents are handled predictably with documented playbooks and measurable improvements (MTTD/MTTR, recurrence reduction).
  • SOC 2 and FedRAMP readiness progress with high-quality evidence capture and continuous monitoring, minimizing manual audit churn.
  • The team becomes independent and scalable, enabling a Director-level operating model.