DevSecOps/Supply Chain Lead SME

Job Description

Everforth ECS is seeking a DevSecOps/Supply Chain Lead SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

This role defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within WDP Core Integration deployment pipelines, establishing and enforcing supply chain risk governance across Kubernetes, VMware, GitLab CI, and artifact repositories to protect AI and machine learning model serving missions across all classification enclaves.

Defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within War Data Platform (WDP) Core Integration deployment pipelines supporting artificial intelligence and machine learning model serving missions for Department of War programs, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
Establishes governance for all serving artifacts by developing vulnerability-classification standards, remediation pathways, and deploy-blocking criteria aligned with mission assurance requirements and cross-domain security architectures.
Coordinates remediation service-level agreements with engineering teams by directing triage workflows, validating corrective actions, and maintaining authoritative records of vulnerability disposition across Kubernetes clusters, VMware environments, GitLab Continuous Integration pipelines, SonarQube dashboards, Tenable Nessus scans, and artifact repositories.
Implements DevSecOps supply-chain methodologies to validate software provenance, dependency integrity, and hardened configuration baselines for all model-runtime components, API endpoints, and deployment templates.
Produces mission-critical deliverables-including scanning policy documentation, acceptance threshold definitions, remediation tracking reports, operational risk assessments, and release governance artifacts.
Leads collaboration with Platform One, Cloud One, multi-national engineering teams, and cross-service mission partners to strengthen operational readiness, reinforce deployment consistency, and advance program value commitments across all enclaves.
Supports Tier-4 incident response actions by providing authoritative vulnerability evidence, remediation guidance, and supply chain integrity documentation required for rapid triage and sustained mission performance.
Performs other duties as assigned.

Required Skills

Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
CompTIA A+ certification.
Minimum 12 years of experience in DevSecOps, supply chain risk management, or cybersecurity engineering roles within classified or federal environments.
Hands-on experience with vulnerability-scanning and pipeline-security tools, including Tenable Nessus, SonarQube, and GitLab CI, with demonstrated ability to define scan policies, set acceptance thresholds, and direct remediation workflows.
Proven ability to design and enforce DevSecOps supply-chain best practices-including software provenance validation, dependency integrity checks, Software Bill of Materials (SBOM) development, and hardened configuration baselines-across containerized and cloud-native platforms.
Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
Prior experience working with Platform One or Cloud One environments, including familiarity with their hardening standards, pipeline architectures, and artifact management frameworks.
Demonstrated history of managing SBOM governance and Supply Chain Risk Management programs, including evaluation of commercial and open source software components for supply chain risk and the generation of compliance reports.
Experience supporting continuous monitoring operations and Tier\u001e4 incident response across NIPRNet, SIPRNet, and JWICS, including management of Plan of Action and Milestones (POA&M) items and recurring authorization packages.
Background in leading cross-functional, multi-national engineering teams to implement security policy changes and deliver deployment-consistent, enclave-parity solutions across multiple classification domains.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven