DevSecOps Manager (Gov / FedRAMP Focus)

Location: Onsite – Fairfax, VA · U.S. Citizen Required (ITAR / Government Customer Requirements)

Type: Full Time

Job description

NextgenID is hiring an on-site, hands-on DevSecOps Manager to lead the security and platform operations for multi-cloud services running across AWS, Azure, and Google Cloud, managing a global network of identity verification stations.

This is a player/coach role: you will lead daily execution while setting the security and delivery standards required for SOC 2 (12–18 months) and FedRAMP Moderate. The role has a defined growth path to Director/VP based on performance, operating maturity, and leadership impact.

Role Fit & Non-Negotiables

  • Onsite in Fairfax, VA — remote is not available.
  • U.S. citizen required due to ITAR and government customer obligations.
  • Comfortable operating as an incident leader when needed, with primary operational hours generally 8am–7pm EST.
  • Hands-on ownership of security posture and DevOps/platform execution — this is not a policy-only or advisory role.

What You’ll Own (90–180 Day Outcomes)

  • Establish an audit-ready Secure SDLC and begin the transition from Azure DevOps (ADO) to GitHub, aligned with FedRAMP expectations.
  • Implement pragmatic CI/CD controls: SAST/SCA, secrets scanning, infrastructure-as-code scanning, environment protections, and evidence capture.
  • Harden multi-cloud identity and access: federation/SSO, least privilege, break-glass, and periodic access reviews.
  • Improve detection and response using Elastic; mature vulnerability management using Qualys with SLAs, dashboards, and exception governance.
  • Strengthen Windows fleet security using our custom command center: patching strategy, rollout rings/canary, rollback, remote isolate, baseline hardening, and telemetry coverage.
  • Stand up a repeatable operating cadence: standups, change control, incident review, postmortems, and measurable reliability/security KPIs.

Key Responsibilities

Security Leadership (Hands-On)

  • Own threat modeling and security architecture across edge, cloud, and SDLC.
  • Lead incident response end-to-end (triage, containment, eradication, recovery, postmortem).
  • Drive identity, encryption/key management, logging, detection engineering, and secure configuration baselines.

DevOps / Platform Engineering (Hands-On)

  • Own CI/CD pipelines and release governance across Kubernetes and VM-based workloads.
  • Define and enforce golden paths (templates, approved patterns, environment promotion, rollback) that accelerate delivery while improving security.
  • Select and standardize infrastructure-as-code approach (Terraform/CloudFormation/Bicep/Pulumi) and implement policy guardrails.

Compliance Execution (SOC 2 & FedRAMP Moderate)

  • Translate compliance requirements into engineering deliverables (controls, automation, evidence, continuous monitoring).
  • Partner with GRC to prepare audit-ready artifacts without creating manual, high-friction processes.
  • Create operational runbooks and control evidence that meet assessor scrutiny (NIST 800-53 mindset).

People Leadership (Player/Coach)

  • Lead and mentor a small SOC/NOC and DevOps team, with clear priorities and accountability.
  • Create a culture of high standards: measurable goals, calm execution under pressure, and continuous improvement.
  • Hire and scale the team as the platform and compliance program grows.

Required Qualifications

  • 7+ years in Security Engineering, DevOps, Platform/SRE, or equivalent roles with direct production ownership.
  • Demonstrated experience building and operating secure CI/CD and release governance; experience with Azure DevOps and/or GitHub Actions.
  • Strong cloud security fundamentals and hands-on delivery experience in at least two of AWS/Azure/GCP (multi-cloud preferred).
  • Practical Windows security experience; ability to harden and operate Windows 10/11 environments at scale (IoT/embedded a plus).
  • Incident response leadership experience (performed as incident commander or equivalent).
  • Hands-on experience with SIEM/telemetry operations (Elastic preferred) and vulnerability management (Qualys preferred).
  • Proven ability to lead, mentor, and build a small team; able to set standards without becoming a bottleneck.
  • Must be able to work onsite in Fairfax, VA; U.S. citizen.

Preferred Qualifications

  • FedRAMP Moderate experience (NIST 800-53 controls, SSP support, continuous monitoring, assessor engagement) and/or SOC 2 readiness delivery.
  • Kubernetes security experience (RBAC, admission control, network policy, image policy, workload identity) plus VM hardening experience.
  • Software supply chain maturity: SBOM, signed artifacts/provenance, dependency governance, runner hardening, secretless authentication (OIDC).
  • Device fleet operations: staged rollouts, canary rings, rollback safety, remote isolation, and resilience under intermittent connectivity.
  • PKI/credential management exposure: certificate lifecycle (issue/renew/revoke), CRL/OCSP concepts, HSM/KMS custody patterns, and separation of duties.

Signals We Look For

  • You can explain how you prevent CI/CD credential theft and guarantee artifact integrity (OIDC/short-lived creds, signing/provenance, environment protections).
  • You have led real incidents and can describe decisions, containment steps, and postmortem-driven improvements — not just tool lists.
  • You think in guardrails and golden paths: standardization that increases velocity while raising security and reliability.
  • You can operate across Windows edge realities (physical exposure, patching/rings, remote isolate) and cloud control planes.

What Success Looks Like

  • Security controls are implemented as automated guardrails, not manual gates; delivery speed improves while risk decreases.
  • Incidents are handled predictably with documented playbooks and measurable improvements (MTTD/MTTR, recurrence reduction).
  • SOC 2 and FedRAMP readiness progresses with high-quality evidence capture and continuous monitoring, minimizing manual audit churn.
  • The team becomes independent and scalable, enabling a Director-level operating model.

To Apply

Please submit your resume and a cover letter detailing your relevant experience and how you meet the qualifications outlined above to careers@nextgenid.com. We look forward to reviewing your application and considering you for this exciting opportunity to contribute to our innovative identity technology startup.

About NextgenID

NextgenID focuses on improving the efficiency and speed of mission-critical, high-assurance identity enrollment and credentialing operations that are essential to hundreds of millions of users worldwide.

Our technologies are engineered to dramatically reduce the time and cost of capturing accurate data when creating a digital identity. Our industry-neutral solutions revolve around "Supervised Remote Identity Proofing" to automatically, securely and "remotely" perform all proofing, enrollment and credentialing processes and workflows for our customers. The industry is taking notice as we are now working with some of the largest agencies in the U.S. Defense, Intelligence, Civil, State and Local government markets, as well as other national governments and commercial organizations throughout the world.