DevOps Engineer, Sr ; FedRamp Burlington, MA

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry‑leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in Dev Sec Ops  and throughout the software development life cycle.

Black Duck is the market leader in application security testing, helping organizations worldwide build secure, high‑quality software. We are building FedRAMP‑authorized cloud environments to serve federal agencies, integrating security seamlessly into Dev Ops while establishing rigorous compliance with government security frameworks.

As a Senior Staff Engineer in the FedRAMP Dev Ops Platform Team, you will define and drive the technical vision for our FedRAMP‑authorized cloud platform, enabling Black Duck's expansion into the federal market. You will architect compliance‑first infrastructure serving 500+ engineers while maintaining government security standards and accelerating our path to ATO.

• Define and architect the end‑to‑end FedRAMP‑compliant cloud platform strategy, leveraging accelerators to achieve initial ATO within 12–18 months while establishing foundation for continuous authorization and multi‑year scalability.
• Lead initial FedRAMP authorization from architecture through ATO: drive SSP authoring, NIST 800‑53 control implementations, 3
  
  PAO coordination, and readiness assessment while establishing repeatable processes that reduce future authorization cycles by 40%.
• Architect secure, scalable platform infrastructure including CI/CD pipelines, Kubernetes environments, developer portal (Backstage), observability systems, and compliance automation that enables developer velocity while maintaining continuous compliance posture.
• Establish security and compliance architecture patterns across encryption, network segmentation, secrets management, supply chain security, and incident response that become organizational standards and reduce security review cycles.
• Drive technical decisions and technology selection for government cloud platforms, compliance tooling, and security controls; influence product roadmap to balance federal requirements with commercial product needs.
• Mentor and raise the technical bar across engineering teams through architecture reviews, design discussions, and establishing FedRAMP best practices; build organizational competency in compliance‑aware development.
• Partner with security, product, and business leadership to translate federal customer requirements into technical architecture, manage compliance risk, and deliver measurable improvements in security posture and operational efficiency.

BASIC QUALIFICATIONS:

• U.S. citizenship required (FedRAMP and government customer requirements).
• BS in Computer Science or related field, or equivalent experience.
• 10+ years in SRE, Dev Ops, or Platform Engineering with demonstrated technical leadership across teams.
• Proven experience designing and achieving FedRAMP ATO (High or Moderate), including SSP authoring, NIST 800‑53 control implementation, architecture documentation, and 3
  
  PAO coordination.
• Expert‑level architecture experience on government cloud platforms (AWS Gov Cloud, Azure Government, or GCP for Government) with deep understanding of compliance requirements, networking, and security boundaries.
• Expertise in modern platform technologies:
  Kubernetes security, infrastructure‑as‑code (Terraform), Git Ops (ArgoCD/Flux), CI/CD security, observability systems, and secrets management.
• Strong programming skills (Go, Python, or Node.js) and demonstrated ability to drive complex technical initiatives from architecture through production.

• Experience leading multiple FedRAMP authorizations from architecture through ATO with track record of reducing time‑to‑authorization and establishing…