Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Lead DevOps Engineer (FedRamp - Design & Build)
Who we are:
Black Duck is the market leader in application security testing, helping organizations worldwide build secure, high-quality software. We are building FedRAMP-authorized cloud environments to serve federal agencies, integrating security seamlessly into DevOps while establishing rigorous compliance with government security frameworks.
What you'll do (responsibilities):
As a Senior Staff Engineer in the FedRAMP DevOps Platform Team, you will define and drive the technical vision for our FedRAMP-authorized cloud platform, enabling Black Duck's expansion into the federal market. You will architect compliance-first infrastructure serving 500+ engineers while maintaining government security standards and accelerating our path to ATO.
- Define and architect the end-to-end FedRAMP-compliant cloud platform strategy, leveraging accelerators to achieve initial ATO within 12-18 months while establishing foundation for continuous authorization and multi-year scalability.
- Lead initial FedRAMP authorization from architecture through ATO: drive SSP authoring, NIST 800-53 control implementations, 3PAO coordination, and readiness assessment while establishing repeatable processes that reduce future authorization cycles by 40%.
- Architect secure, scalable platform infrastructure including CI/CD pipelines, Kubernetes environments, developer portal (Backstage), observability systems, and compliance automation that enables developer velocity while maintaining continuous compliance posture.
- Establish security and compliance architecture patterns across encryption, network segmentation, secrets management, supply chain security, and incident response that become organizational standards and reduce security review cycles.
- Drive technical decisions and technology selection for government cloud platforms, compliance tooling, and security controls; influence product roadmap to balance federal requirements with commercial product needs.
- Mentor and raise the technical bar across engineering teams through architecture reviews, design discussions, and establishing FedRAMP best practices; build organizational competency in compliance-aware development.
- Partner with security, product, and business leadership to translate federal customer requirements into technical architecture, manage compliance risk, and deliver measurable improvements in security posture and operational efficiency.
What you'll need:
BASIC QUALIFICATIONS:
- U.S. citizenship required (FedRAMP and government customer requirements).
- BS in Computer Science or related field, or equivalent experience.
- 10+ years in SRE, DevOps, or Platform Engineering with demonstrated technical leadership across teams.
- Proven experience designing and achieving FedRAMP ATO (High or Moderate), including SSP authoring, NIST 800-53 control implementation, architecture documentation, and 3PAO coordination.
- Expert-level architecture experience on government cloud platforms (AWS GovCloud, Azure Government, or GCP for Government) with deep understanding of compliance requirements, networking, and security boundaries.
- Expertise in modern platform technologies: Kubernetes security, infrastructure-as-code (Terraform), GitOps (ArgoCD/Flux), CI/CD security, observability systems, and secrets management.
- Strong programming skills (Go, Python, or Node.js) and demonstrated ability to drive complex technical initiatives from architecture through production.
PREFERRED QUALIFICATIONS:
- Experience leading multiple FedRAMP authorizations from architecture through ATO with track record of reducing time-to-authorization and establishing repeatable processes.
- Experience with FedRAMP accelerators (Stack Armor, Coalfire) and demonstrated ability to adapt frameworks while maintaining architectural integrity.
- Professional certifications: CISSP, AWS/Azure/GCP Security Specialty, CKS, GIAC, or equivalent.
- Experience with DoD environments (IL4/IL5), CMMC, compliance-as-code practices (OSCAL), and automated compliance documentation.
- Advanced degree in Computer Science or related field, or equivalent experience architecting secure, compliant platforms at scale.
Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.
Top Skills
What We Do
Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, London, Frankfurt, Hong Kong, Tokyo, Vancouver, Seoul & Beijing
Why Work With Us
We pride ourselves on cultivating an environment of collaboration, creativity, and fun! We know where you work can influence how you work, which is why our collaborative office space focuses on community and continuous learning. Our work-hard, play-hard attitude even got us named a Top Place to Work in Massachusetts by The Boston Globe!
Gallery
