Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

This contract role, Senior DevSecOps Architect, supports a large federal agency by embedding security into every stage of the software delivery lifecycle and protecting cloud-native and AI-native applications within a large-scale CI/CD environment. You will design, implement, and operate a robust, self-healing DevSecOps ecosystem, leveraging AI/ML for automated threat detection, optimized code reviews, and security automation, while integrating SAST/DAST/SCA/secret scanning into GitHub Actions, GitLab CI, or Jenkins; building on Kubernetes and Terraform/Pulumi across AWS, Azure, or GCP; implementing Policy as Code with Open Policy Agent (OPA); and strengthening observability using eBPF, Prometheus, and tools such as Dynatrace or Datadog. This role requires seasoned DevSecOps leadership, hands-on technical depth, and strong communication and planning skills to balance rapid delivery with uncompromising security. It's a high-impact opportunity to shape secure software delivery and AI security within a major federal agency.

This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Responsibilities:

• Lead the evolution of the software delivery lifecycle by embedding security into every stage of CI/CD
• Architect and maintain automated CI/CD pipelines using AI/ML for SAST/DAST to detect complex vulnerabilities
• Design security frameworks for the end-to-end AI lifecycle, including data ingestion security and model protection
• Implement guardrail architectures for Large Language Models (LLMs) and AI-native applications
• Develop AI-driven orchestration (SOAR) to automate triage and remediation of security findings
• Implement Policy as Code governance using Open Policy Agent (OPA) to enforce compliance across multi-cloud environments
• Integrate SAST, DAST, SCA, and secret scanning into GitHub Actions, GitLab CI, or Jenkins pipelines
• Conduct advanced threat modeling for cloud-native applications, including AI-specific attack vectors (e.g., model inversion, data poisoning)
• Create self-service security tools and Golden Paths to enable secure developer workflows with minimal friction
• Establish and enhance observability for security and reliability using eBPF, Prometheus, and logging/monitoring platforms (e.g., Dynatrace or Datadog)