DevSecOps Engineer – Senior

Company Overview

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

Position Overview

By Light is seeking personnel to provide comprehensive support for the Defense Contract Management Agency (DCMA) Facilities Management team in the implementation and sustainment of a Computer-Aided Facility Management (CAFM) software solution. This engagement, titled “DCMA CAFM SaaS Support Services,” encompasses a base year plus four option years (September 30, 2025 – September 29, 2030), and will facilitate the optimization of facility operations across DCMA’s nationwide and overseas portfolio, totaling over 1.3 million square feet.

By Light will deliver a FedRAMP-approved, Impact Level 4 SaaS solution and a full spectrum of professional services, including system implementation, software development, system administration, help desk customer support, virtual and on-site training, and ongoing cybersecurity management. The CAFM system is required to streamline space planning, asset and lease tracking, capital and building operations management, and reporting, while enabling seamless integration with Autodesk and compliance with all applicable DoD cybersecurity and accessibility standards.

Responsibilities

• Lead the design, implementation, and ongoing management of secure Continuous Integration/Continuous Deployment (CI/CD) pipelines for the DCMA Computer-Aided Facility Management (CAFM) SaaS environment, ensuring rapid, reliable, and secure delivery of software enhancements and patches.
• Enforce DevSecOps best practices to integrate security at every phase of the software development lifecycle by automating vulnerability scanning, code analysis, compliance checks, and remediation processes.
• Collaborate with software developers, cybersecurity analysts, and system administrators to architect highly available, scalable, and compliant cloud-based solutions in accordance with FedRAMP and DoD Security Technical Implementation Guides (STIGs).
• Maintain, monitor, and improve infrastructure-as-code deployments, configuration management, and patch management processes across multiple environments (development, test, staging, production).
• Ensure all systems, services, and tools meet or exceed RMF, NIST 800-53, IL4, and other DoD cybersecurity requirements and support FISMA compliance.
• Automate deployment, monitoring, backup, and disaster recovery strategies to ensure system resilience and business continuity.
• Lead efforts to assess and mitigate risks associated with software supply chain, open-source software usage, and third-party integrations.
• Document DevSecOps processes, configuration changes, and provide training and mentorship to intermediate DevSecOps and development team members.
• Evaluate new tools and technologies to enhance automation, monitoring, and security in the CAFM development and operational environments.
• Participate in Agile sprints, provide input to sprint planning, and collaborate in cross-functional team meetings to align DevSecOps activities with overall project objectives.

Required Experience/Qualifications

• Bachelor’s Degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.
• Minimum 7 years’ experience in DevOps/DevSecOps roles, with at least 3 years supporting cloud-based (SaaS) solutions in DoD, federal, or critical infrastructure environments.
• Demonstrated expertise in the deployment and administration of secure CI/CD pipelines, container orchestration (e.g., Docker, Kubernetes), and infrastructure-as-code tools (e.g., Terraform, Ansible).
• Experience implementing security automation tools for code analysis, vulnerability scanning, and compliance validation within a DevSecOps workflow.
• Deep knowledge of FedRAMP, NIST 800-53, RMF, and DoD cloud/security controls.
• Hands-on experience with cloud platforms (e.g., AWS GovCloud, Azure Government, or equivalent environments).
• Proficiency with scripting languages (e.g., Python, Bash, PowerShell) and version control systems (e.g., Git, GitLab).

Preferred Experience/Qualifications

• Master’s Degree in Information Security, Computer Science, or related domain.
• Experience supporting CAFM, asset management, or facilities management SaaS solutions in federal or DoD settings.
• Experience conducting, documenting, and remediating results of Authority to Operate (ATO) packages and other formal system accreditation processes.
• Industry certifications such as:
• Certified DevSecOps Professional (CDP)
• Certified Kubernetes Administrator (CKA)
• AWS Certified DevOps Engineer or Azure DevOps Expert
• CompTIA Security , CASP , or CISSP (for security emphasis)
• GIAC Certified DevSecOps Professional
• Familiarity with Section 508 accessibility requirements and secure software supply chain management.
• Experience mentoring or leading DevSecOps teams.

Special Requirements/Security Clearance

• U.S. citizenship required.