Developer Experience Lead (Senior) - FDIC Enterprise DevSecOps

Posted 6 Hours Ago
Hiring Remotely in US
Remote
131K-237K Annually
Senior level
Information Technology • Software
The Role
Senior technical lead owning developer experience and platform enablement: design self-service golden paths, reusable CI/CD templates, and policy-as-code guardrails; integrate supply-chain and application security into pipelines; lead secure AI-assisted development and AI governance; treat the platform as a product with roadmap, metrics, and Agile releases; mentor engineers and influence FDIC stakeholders to drive secure, consistent developer workflows across cloud, on-prem, and mainframe environments.
Summary Generated by Built In
The Developer Experience Lead is a senior Key Personnel position on the FDIC Enterprise DevSecOps contract, directly supporting the client's CIO organization (CIOO) and the Delivery Automation and User Experience Section (DAUXS), which owns the enterprise CI/CD and automated-testing frameworks used by application teams.

As the senior subject-matter expert for developer experience and platform enablement, this lead makes the secure path the easy path: designing self-service golden paths, reusable pipeline templates, and paved-road tooling - with built-in security, compliance, and quality guardrails - so product teams across a large, complex enterprise estate (Azure with AKS, AWS, on-premises, and mainframe systems) can build, test, and ship software faster and more safely. Treating the developer platform as a product, the lead releases improvements on an Agile cadence, measures and raises developer productivity and tool adoption, and leads secure, governed adoption of AI-assisted development. Serving as a technical leader, the lead mentors engineers, influences platform direction with FDIC stakeholders, and performs with little or no FDIC intervention.

PRIMARY RESPONSIBILITIES

Self-Service Platform and Golden Paths

  • Develop and maintain templates, playbooks, and paved-road patterns that enable product-team self-service with built-in security, compliance, and quality guardrails, so the secure and compliant path is the default path - making the right thing the easy thing for delivery teams.
  • Design reusable, chained, language-agnostic pipeline templates that separate project-owned delivery activities from enterprise-enforced governance and security validation, supporting multiple stacks (for example Java, Python, JavaScript/TypeScript, .NET, Go) and Infrastructure-as-Code so teams inherit the enterprise security gates automatically rather than building bespoke pipelines.
  • Reduce friction and cognitive load across the inner-loop and outer-loop developer workflow while preserving policy-as-code controls, and ensure consistent use of approved DevSecOps frameworks, tools, and automation pipelines across application teams.

Developer Productivity and Continuous Improvement

  • Treat the developer platform as a product: maintain a managed backlog and roadmap, release changes to tools, toolchains, and pipelines on a frequent, predictable Agile cadence, and assess and pilot emerging DevSecOps tools and practices where the value and security case is proven.
  • Define, collect, and analyze developer-experience and productivity metrics (for example lead time, deployment frequency, change-failure rate, and developer-satisfaction signals) to identify and prioritize improvements.
  • Drive measurable delivery outcomes through reusable, self-service capabilities: shorten environment and pipeline setup time, accelerate delivery, improve software quality and consistency, and reduce risk and rework for product teams.

AI-Enabled Developer Experience and AI Governance

  • Lead secure, governed, organization-wide adoption of AI coding assistants (for example GitHub Copilot): define and enforce secure-coding policy, configure content exclusions and guardrails, and ensure AI-generated code is peer-reviewed and passes the enterprise security gates before merge.
  • Evaluate, pilot, and integrate agentic AI and AI coding-agent capabilities (for example Claude Code, GitHub Copilot agents, and comparable tools) into the developer platform - for test generation, code modernization, documentation, and pipeline automation - with constrained tool access, least-privilege permissions, and human-in-the-loop review; apply AI and large language model techniques to reduce toil and improve software quality.
  • Ensure AI solutions in the platform comply with applicable Federal AI mandates and AI governance frameworks and adhere to the NIST Control Overlays for Securing AI Systems (extending NIST SP 800-53), the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework; maintain an inventory of AI tools and AI-consuming processes and remediate shadow AI.

Policy-as-Code Governance, Supply-Chain, and Application Security

  • Develop and maintain a policy-as-code governance framework (for example Open Policy Agent and Rego, or comparable) that automates enforcement across software quality, supply-chain security, deployment, and infrastructure, blocking promotion on Critical/High findings, with automated audit-evidence generation, waiver and risk-acceptance management, and continuous compliance supporting NIST and RMF.
  • Implement software supply-chain security controls in the pipeline (SBOM generation and validation, container image signing, approved-registry enforcement, and license-compliance checks) and Infrastructure-as-Code governance (for example a Terraform governance framework) so cloud and infrastructure changes are validated for security and compliance before deployment.
  • Integrate and tune SAST, DAST, SCA, container, and IaC security scanning (for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) into the golden-path pipelines with policy-gated enforcement, and foster shift-left secure coding aligned to the OWASP Top 10 and NIST SP 800-53, supporting teams in remediating vulnerabilities to defined security standards.

Enablement, Community, and Technical Leadership

  • Author and maintain guidance, practice guides, training, and internal developer portals (GitHub Pages, SharePoint); facilitate the developer community of practice through knowledge-sharing and outreach; and report on teams not using required DevSecOps tools, with the actions taken to promote adoption.
  • Serve as the developer-experience subject-matter expert: mentor engineers, solution architects, and SREs; set platform standards; and influence FDIC stakeholders and executive leadership on platform direction and developer-productivity strategy.
  • Ensure platform changes follow FDIC Change Control Board (CCB) procedures and comply with FDIC, Federal, and industry security frameworks (NIST, FISMA), and partner with the DevSecOps, AppSec, and architecture leads so golden paths embed the enterprise security and zero-trust controls rather than bypassing them.

REQUIRED QUALIFICATIONS

  • U.S. Citizen.
  • Must be able to obtain and maintain a Public Trust determination.
  • As a named Key Personnel position, the candidate may be required to participate in client presentations or interviews.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Software Engineering, or a closely related technical discipline. In lieu of degree, 4 additional years of directly relevant experience may substitute.

Experience

  • Minimum 12 years of progressive software-engineering or platform-engineering experience, including hands-on software development (12-15 years typical for this senior subject-matter-expert level), with at least 3 recent, hands-on years (typically within the past 1-2 years) building developer-experience or internal-developer-platform capabilities - self-service templates, golden paths, or reusable CI/CD pipelines - in a large enterprise environment.
  • Demonstrated recent, hands-on experience architecting reusable, policy-enforced CI/CD pipelines on an enterprise CI/CD platform (for example GitHub Actions, Harness, or comparable), authoring reusable templates and starter patterns adopted by multiple teams, with the ability to apply these patterns to a GitHub-based toolchain (GitHub Enterprise Server and GitHub Actions).
  • Demonstrated experience designing self-service tooling with built-in security, compliance, and quality guardrails - policy-as-code and templated security gates (for example Open Policy Agent/Rego) - rather than bypassing them.
  • Hands-on experience implementing Kubernetes-native deployment (automated manifest generation, progressive-delivery strategies, health verification, and secure deployment of signed artifacts) on Microsoft Azure (AKS) or comparable.
  • Experience implementing software supply-chain security controls (SBOM, image signing, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation supporting NIST and RMF, and integrating application-security testing (SAST, DAST, SCA, container, and IaC scanning) into CI/CD pipelines with policy-gated enforcement grounded in the OWASP Top 10 and NIST SP 800-53.
  • Proven experience treating a developer platform or toolchain as a product (managing a backlog and roadmap, releasing on an Agile cadence, measuring adoption and productivity outcomes), with proficiency in at least one modern programming language (for example Python, Java, JavaScript/TypeScript) for platform tooling, automation, and integrations.
  • Demonstrated experience enabling secure, governed adoption of AI coding assistants (for example GitHub Copilot) and applying AI or large language model capabilities to developer-productivity or software-delivery workflows, with working knowledge of the AI attack surface (OWASP Top 10 for LLM Applications) and AI security controls (NIST AI Risk Management Framework and Control Overlays for Securing AI Systems).
  • Demonstrated technical leadership: mentoring engineers, solution architects, and SREs, influencing stakeholders or executive leadership on technical direction, and building and sustaining a developer community of practice.

Technical Skills

  • GitHub Enterprise Server (self-managed) and GitHub Actions; reusable workflows, starter repositories, and templated pipelines; self-service platform / golden-path design with policy-as-code guardrails (for example OPA/Gatekeeper)
  • Infrastructure as Code (Terraform, Bicep) and IaC governance; Kubernetes/AKS and Kubernetes-native progressive delivery; container fundamentals (Docker, Helm, Flux)
  • Software supply-chain security (SBOM generation/validation, container image signing such as cosign, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation (NIST, RMF)
  • Application-security testing integration (SAST, DAST, SCA, container, and IaC scanning - for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) with policy-gated gates; OWASP Top 10 and NIST SP 800-53 secure-coding coverage
  • Python, Java, or JavaScript/TypeScript for platform tooling and automation; developer portals and documentation platforms (GitHub Pages, SharePoint; Backstage or comparable a plus); developer-productivity and delivery metrics (DORA-style)
  • Generative and agentic AI for development (for example GitHub Copilot, Claude Code, Copilot agents) with constrained tool access and least-privilege controls; secure review of AI-generated code
  • AI governance and AI security: OWASP Top 10 for LLM Applications, NIST AI Risk Management Framework, and the NIST Control Overlays for Securing AI Systems
  • Agile/Scrum delivery and product-management practices for an internal platform

PREFERRED QUALIFICATIONS

  • Certified ScrumMaster (CSM), SAFe, or a comparable Agile delivery credential.
  • Security credential such as Certified Secure Software Lifecycle Professional (CSSLP), CISSP, or GIAC Cloud Security Automation (GCSA).
  • Cloud or IaC credential such as Microsoft Certified: Azure DevOps Engineer Expert (AZ-400), HashiCorp Certified: Terraform Associate, or Certified Kubernetes Administrator (CKA/CKAD).
  • Experience supporting a large, complex enterprise DevSecOps platform (many application teams, large repository count, high pipeline volume) with the ability to operate independently from Day 1, ideally in a FISMA Moderate, regulated-financial, or comparable federal environment subject to formal change control and security governance.
  • Experience standing up or maturing an internal developer platform / platform-engineering function and demonstrably improving developer-productivity metrics.
  • Backstage or comparable internal developer portal; inner-source program design and developer-community building at enterprise scale.
  • Familiarity with the FDIC self-managed toolchain ecosystem (GitHub Advanced Security, JFrog Artifactory/Xray, SonarQube, Subject7) and AKS-based deployment (Helm, Flux).
  • Federal AI governance fluency: OMB AI memoranda (M-25-21, M-25-22), NIST AI 600-1 Generative AI Profile, and emerging AI-management credentials (for example ISO/IEC 42001).

WORK ENVIRONMENT / OTHER

  • Position may require participation in on-call or surge support activities to maintain high availability for FDIC Mission Essential and Mission Critical applications. Standard shift is Day; occasional off-hours support may be required for planned maintenance windows and incident response coordination.

This is a primarily remote position; occasional on-site presence at FDIC headquarters (Arlington, VA) may be required as needed.

Minimal travel.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting: July 2, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $131,300.00 - $237,350.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Skills Required

  • U.S. Citizen.
  • Able to obtain and maintain a Public Trust determination.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Software Engineering, or closely related; or 4 additional years of relevant experience in lieu of degree.
  • Minimum 12 years progressive software-engineering or platform-engineering experience, including hands-on development and platform work; 3+ recent hands-on years building developer-experience or internal-developer-platform capabilities.
  • Hands-on experience architecting reusable, policy-enforced CI/CD pipelines on enterprise CI/CD platforms (e.g., GitHub Actions, Harness) and GitHub Enterprise Server.
  • Experience designing self-service golden paths, reusable pipeline templates, and policy-as-code guardrails (e.g., OPA/Rego).
  • Kubernetes-native deployment experience on Azure AKS (Helm, Flux), including progressive delivery and secure signed artifacts.
  • Experience implementing software supply-chain security controls (SBOM generation/validation, container image signing like cosign, approved-registry and license-compliance enforcement) and continuous-compliance automation (NIST, RMF).
  • Experience integrating SAST, DAST, SCA, container, and IaC scanning into CI/CD pipelines (e.g., SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) with policy-gated enforcement.
  • Proficiency in at least one modern programming language for platform tooling and automation (Python, Java, or JavaScript/TypeScript).
  • Demonstrated experience enabling secure, governed adoption of AI coding assistants (e.g., GitHub Copilot) and applying LLM techniques to developer-productivity workflows with AI governance awareness.
  • Proven technical leadership: mentoring engineers, influencing stakeholders and executive leadership, managing platform backlog and roadmap, and measuring developer-productivity outcomes.
  • Certified ScrumMaster (CSM), SAFe, or comparable Agile credential.
  • Security credential such as CSSLP, CISSP, or GIAC Cloud Security Automation (GCSA).
  • Cloud/IaC credential such as AZ-400, HashiCorp Terraform Associate, or CKA/CKAD.
  • Experience supporting a large, complex enterprise DevSecOps platform in FISMA Moderate, regulated-financial, or comparable federal environment.
  • Experience with Backstage or comparable internal developer portals, inner-source programs, and developer-community building.
  • Familiarity with FDIC self-managed toolchain (GitHub Advanced Security, JFrog Artifactory/Xray, SonarQube, Subject7) and AKS-based deployment (Helm, Flux).
  • Federal AI governance fluency (OMB AI memoranda, NIST AI profiles, ISO/IEC 42001 familiarity).

The Company
HQ: Reston, VA
27,104 Employees
Year Founded: 1969

What We Do

We Are Leidos

For 50 years we have been tackling some of the biggest problems that face our nation and our world.

OUR MISSION

Through our culture of innovation and history of performance, we develop deep customer trust built on integrity and create enduring solutions that improve our world.

Leidos is a science and technology solutions leader working to address some of the world's toughest challenges in the defense, intelligence, homeland security, civil, and healthcare markets. The company's 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Va., Leidos reported annual revenues of approximately $11.09 billion for the fiscal year ended January 3, 2020.

Leidos was cited for the meaningful work employees perform that is challenging, impactful, and aligned with our customers' missions as reasons professionals want to work and stay at our company. Leidos has also been named to lists including Forbes' Best Employers for Diversity, Forbes' America's Best Employers for Women, Military Times Best for Vets Employers, and Ethisphere Institute's World's Most Ethical Companies®.

Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Employees appreciate our flexible work environment, allowing for and encouraging a true work-life balance. Our professionals are also excited about our Employee Resource Groups, like the newly launched Collaborative Outreach with Remote and Embedded Employees (CORE), which strives to create an environment where every employee, regardless of location, feels fully engaged as a valued employee of Leidos. Your most important work is ahead.
