Solutions Architect - FDIC Enterprise DevSecOps
Leidos
- Virginia, Minnesota, United States
About
Primary Responsibilities
Platform Architecture and Target‑State Design
Own the DevSecOps platform architecture across the FDIC hybrid estate (Azure primary - AKS, ACR, App Gateway, Key Vault; plus AWS, mainframe z/OS/Endevor, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services, MuleSoft, Appian, Salesforce, Power Platform); produce and maintain Architecture Decision Records (ADRs) aligned to FDIC target‑state EA.
Design self‑managed platform deployments for JFrog Artifactory/Xray, SonarQube, GitHub Enterprise Server (GHES), GitHub Advanced Security (GHAS)/CodeQL, and Subject7 on AKS; define upgrade paths under the n/n‑1 version strategy.
Establish immutable‑infrastructure and GitOps patterns (Flux, Helm) for the AKS platform; author Terraform IaC modules and Bicep templates for repeatable, policy‑compliant provisioning across Azure and AWS landing zones.
Design pipeline architecture for a large CI/CD pipeline estate (GitHub Actions; on‑prem, cloud, hybrid, multicloud patterns), integrating blocking security gates: SAST/SCA on Critical/High, IaC scan on Critical, DAST on Critical, container scan on Critical/High, SonarQube quality gate on fail.
Define architecture for GitHub Copilot (SaaS) integration and AI‑assisted development workflows within FDIC compliance constraints.
Architect Zero Trust controls aligned to OMB M‑22‑09 and CISA ZTMM 2.0 at Optimal maturity; map identity (Entra/CyberArk), device, network, application, and data pillars to the DevSecOps toolchain.
Design policy‑as‑code enforcement (OPA/Gatekeeper, Azure Policy) for Kubernetes admission control and IaC guardrails; ensure CyberArk and Azure Key Vault secrets management patterns meet FIPS 140‑2/3 and PQC (FIPS 203/204/205) requirements.
Define cATO (continuous ATO) architecture: continuous compliance monitoring via Splunk and DynaTrace, automated evidence collection, and alignment to NIST 800‑37/800‑53/800‑88/800‑207 control families for FISMA‑moderate boundary.
Establish container security architecture integrating Aqua, Trivy, Trufflehog, and GHAS/CodeQL scanning into build and release pipelines; ensure secrets + peer‑review gates at Develop stage are architecturally enforced.
Lead architecture reviews through enterprise architecture and change governance boards (EA fitness gate), CCB, ISSM/ISSO, and OCISO coordination bodies; produce fitness‑gate artifacts that prevent rework.
Design integration patterns connecting Azure/AKS cloud pipelines to mainframe z/OS/Endevor build and deploy workflows; ensure CI/CD coverage spans both cloud and mainframe application portfolios within the full enterprise application scope.
Architect API and event‑driven integration patterns for MuleSoft, Appian, Salesforce, and Power Platform workloads; define DevSecOps onboarding playbooks for each platform tier.
Produce reference architectures for WebLogic/WebSphere, Oracle, PeopleSoft, and SAP Data Services application pipelines, covering build, scan, test (Selenium/Playwright/JMeter/Subject7), and release stages.
Architect the observability stack (Splunk, DynaTrace, Azure Monitor) to measure and evidence the >99.5% availability SLAs for the 83 Mission Essential/Critical applications and to track remediation of Critical/High security findings within ≤30 days and Moderate findings within ≤90 days.
Design capacity and resilience patterns for AKS clusters and self‑managed tool infrastructure to absorb high volumes of ServiceNow requests without degradation.
Serve as the technical authority and primary architect point of contact for FDIC, resolving architecture ambiguities autonomously to minimize client intervention.
Lead architecture working sessions, produce decision briefs for enterprise architecture and change governance boards and OCISO, and ensure all platform changes pass EA fitness gates before implementation.
Mentor senior engineers and DevSecOps leads on architecture patterns, IaC standards, and secure‑by‑default pipeline design.
Author and maintain architecture runbooks, pattern libraries, and design standards that become the program's shared engineering baseline.
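The pipeline gate thresholds (SAST/SCA and container scan block on Critical/High, IaC and DAST block on Critical only) and the remediation SLAs (Critical/High within 30 days, Moderate within 90) above are policy statements; what a platform team actually ships is a small, testable evaluator that pipelines call after every scan. The example below is added here to show that logic and is not code from the posting or from any FDIC or Leidos system. Scanner names, finding IDs, dates and the Finding record shape are assumptions constructed for the example; real pipelines would populate them from SARIF or the scanner's JSON output.

```python
"""Severity-threshold gate evaluator and remediation-SLA check for a DevSecOps pipeline.

Added illustrative example; the thresholds mirror the gate policy described in the
posting, everything else (scanner names, finding shape, sample data) is constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Ordinal ranking so "Critical/High" style thresholds can be compared.
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "medium": 2, "high": 3, "critical": 4}

# Minimum severity that blocks the pipeline, per scanner class (assumed scanner keys).
GATE_THRESHOLDS = {
    "sast": "high",        # SAST blocks on Critical/High
    "sca": "high",         # SCA blocks on Critical/High
    "iac": "critical",     # IaC scan blocks on Critical only
    "dast": "critical",    # DAST blocks on Critical only
    "container": "high",   # container scan blocks on Critical/High
}

# Remediation SLA in days from the date a finding was first seen.
REMEDIATION_SLA_DAYS = {"critical": 30, "high": 30, "moderate": 90, "medium": 90}


@dataclass(frozen=True)
class Finding:
    finding_id: str
    scanner: str      # one of the GATE_THRESHOLDS keys
    severity: str     # scanner-reported severity, case-insensitive
    first_seen: date  # date the finding first appeared in a scan


def meets_threshold(severity: str, threshold: str) -> bool:
    """True if `severity` is at or above `threshold`.

    Unknown severities fail closed: if a scanner changes its schema and starts
    emitting a label we do not recognise, the gate must block rather than
    silently wave the build through.
    """
    sev = severity.lower()
    if sev not in SEVERITY_RANK:
        return True
    return SEVERITY_RANK[sev] >= SEVERITY_RANK[threshold]


def blocking_findings(findings, scanner):
    """Findings from `scanner` that meet that scanner's blocking threshold."""
    threshold = GATE_THRESHOLDS[scanner]
    return [f for f in findings if f.scanner == scanner and meets_threshold(f.severity, threshold)]


def evaluate_gates(findings):
    """Return {scanner: [blocking finding ids]} for every gate that fails.

    An empty dict means every gate passed and the pipeline may proceed.
    """
    failed = {}
    for scanner in GATE_THRESHOLDS:
        blocking = blocking_findings(findings, scanner)
        if blocking:
            failed[scanner] = [f.finding_id for f in blocking]
    return failed


def pipeline_passes(findings) -> bool:
    return not evaluate_gates(findings)


def overdue_findings(findings, today: date):
    """IDs of findings whose age exceeds the remediation SLA for their severity.

    Severities with no SLA (Low, Info, unrecognised) are not tracked here; the
    gate above is what stops unrecognised severities from shipping.
    """
    overdue = []
    for f in findings:
        sla = REMEDIATION_SLA_DAYS.get(f.severity.lower())
        if sla is not None and today - f.first_seen > timedelta(days=sla):
            overdue.append(f.finding_id)
    return overdue


# Constructed sample scan output; not real findings.
SAMPLE_FINDINGS = [
    Finding("SAST-1", "sast", "High", date(2024, 5, 20)),        # blocks: SAST gate is High
    Finding("SCA-1", "sca", "Medium", date(2024, 5, 20)),        # passes: below High
    Finding("IAC-1", "iac", "High", date(2024, 5, 20)),          # passes: IaC gate is Critical only
    Finding("DAST-1", "dast", "Critical", date(2024, 4, 1)),     # blocks, and is past its 30-day SLA
    Finding("CNT-1", "container", "Low", date(2024, 5, 20)),     # passes
    Finding("CNT-2", "container", "Unknown", date(2024, 5, 20)), # blocks: unrecognised severity fails closed
]

if __name__ == "__main__":
    print("failed gates:", evaluate_gates(SAMPLE_FINDINGS))
    print("pipeline passes:", pipeline_passes(SAMPLE_FINDINGS))
    print("overdue as of 2024-06-01:", overdue_findings(SAMPLE_FINDINGS, date(2024, 6, 1)))
```

The two design points worth carrying into a real gate are the fail-closed handling of unrecognised severities and keeping the thresholds in one table that both the pipeline and the compliance evidence job read, so the gate that blocked a build and the evidence presented to the ISSO describe the same policy.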
Required Qualifications
Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Electrical Engineering, or a closely related technical discipline. In lieu of a degree, additional years of experience may be required.
Must be able to obtain and maintain a Public Trust clearance.
Minimum 12 years of progressive IT experience with at least 5 years in senior solution/enterprise architecture roles (or a Master's degree with 10 years).
Demonstrated hands‑on architecture ownership (current experience, typically within the past 1-2 years) of a self‑managed GitHub Enterprise Server (GHES) and GitHub Cloud/Actions environment at enterprise scale (hundreds of repositories and active pipelines).
Recent, hands‑on experience designing and operating JFrog Artifactory/Xray, SonarQube, and GitHub Advanced Security (GHAS)/CodeQL as self‑managed, AKS‑hosted services - not SaaS consumption only.
Proven, recent experience authoring production‑grade Terraform IaC modules and Kubernetes/AKS manifests for a regulated federal or financial‑sector environment; immutable infrastructure and policy‑as‑code patterns required.
Experience leading architecture through formal EA governance bodies (equivalent to enterprise architecture fitness‑gate boards, CCB, or ATO boards) in a FISMA‑moderate or higher environment.
Recent architecture experience integrating CI/CD pipelines across a hybrid estate that includes both cloud‑native AKS workloads and mainframe or host‑based build/deploy environments (z/OS, Endevor, or equivalent); candidate must demonstrate design authority over both sides of the hybrid boundary, not cloud‑only coverage.
GitHub Enterprise Server (self‑managed), GitHub Cloud, GitHub Actions, GitHub Advanced Security (GHAS), CodeQL, GitHub Copilot
JFrog Artifactory / Xray, SonarQube, Aqua, Trivy, Trufflehog (self‑managed, AKS‑hosted deployment and operations)
Azure: AKS, ACR, App Gateway, Key Vault, Azure Policy, Azure Monitor; AWS: integration and landing‑zone patterns
Terraform IaC, Bicep, Packer; Helm, Flux (GitOps); Docker; Kubernetes (AKS)
Policy‑as‑code: OPA/Gatekeeper, Azure Policy, admission controller patterns
NIST 800‑53 / 800‑207, OMB M‑22‑09, CISA ZTMM 2.0, FISMA‑moderate, FIPS 140‑2/3
CyberArk, Azure Key Vault secrets management; FIPS 140‑2/3 cryptographic boundaries
Splunk, DynaTrace, Azure Monitor for observability and compliance evidence collection
Preferred Qualifications
Microsoft Certified: Azure Solutions Architect Expert (AZ‑305) - active
AWS Certified Solutions Architect - Professional - active
Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD)
CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional)
HashiCorp Terraform Associate (003) or HashiCorp Infrastructure Automation Certification
Architecture experience at enterprise scale across hybrid on‑prem and multi‑cloud environments.
Hands‑on design of CI/CD pipeline architectures covering mainframe (z/OS, Endevor) alongside cloud‑native AKS workloads in the same DevSecOps platform.
Experience designing Subject7 test automation platform deployment and integration within a DevSecOps pipeline (alongside Selenium, Playwright, JMeter).
Architecture ownership for enterprise middleware platforms in a DevSecOps context: MuleSoft, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services.
cATO architecture and continuous compliance automation in a FISMA‑moderate boundary; experience producing evidence packages accepted by an ISSM/ISSO without rework.
Experience with PQC migration planning (FIPS 203/204/205) and FIPS 140‑3 cryptographic module selection.
12 CFR 366 (FDIC contractor conduct standards) or equivalent financial‑regulator contractor compliance experience.
Section 508 architecture patterns for enterprise web and portal applications.
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
Language skills
- English