Leidos

Developer Experience Lead (Senior) - FDIC Enterprise DevSecOps

Leidos  •  $131k - $237k/yr  •  United States (Remote)  •  2 hours ago

Job Description

The Developer Experience Lead is a senior Key Personnel position on the FDIC Enterprise DevSecOps contract, directly supporting the client's CIO organization (CIOO) and the Delivery Automation and User Experience Section (DAUXS), which owns the enterprise CI/CD and automated-testing frameworks used by application teams.

As the senior subject-matter expert for developer experience and platform enablement, this lead makes the secure path the easy path: designing self-service golden paths, reusable pipeline templates, and paved-road tooling - with built-in security, compliance, and quality guardrails - so product teams across a large, complex enterprise estate (Azure with AKS, AWS, on-premises, and mainframe systems) can build, test, and ship software faster and more safely. Treating the developer platform as a product, the lead releases improvements on an Agile cadence, measures and raises developer productivity and tool adoption, and leads secure, governed adoption of AI-assisted development. Serving as a technical leader, the lead mentors engineers, influences platform direction with FDIC stakeholders, and performs with little or no FDIC intervention.

PRIMARY RESPONSIBILITIES

Self-Service Platform and Golden Paths

  • Develop and maintain templates, playbooks, and paved-road patterns that enable product-team self-service with built-in security, compliance, and quality guardrails, so the secure and compliant path is the default path - making the right thing the easy thing for delivery teams.
  • Design reusable, chained, language-agnostic pipeline templates that separate project-owned delivery activities from enterprise-enforced governance and security validation, supporting multiple stacks (for example Java, Python, JavaScript/TypeScript, .NET, Go) and Infrastructure-as-Code so teams inherit the enterprise security gates automatically rather than building bespoke pipelines.
  • Reduce friction and cognitive load across the inner-loop and outer-loop developer workflow while preserving policy-as-code controls, and ensure consistent use of approved DevSecOps frameworks, tools, and automation pipelines across application teams.

Developer Productivity and Continuous Improvement

  • Treat the developer platform as a product: maintain a managed backlog and roadmap, release changes to tools, toolchains, and pipelines on a frequent, predictable Agile cadence, and assess and pilot emerging DevSecOps tools and practices where the value and security case is proven.
  • Define, collect, and analyze developer-experience and productivity metrics (for example lead time, deployment frequency, change-failure rate, and developer-satisfaction signals) to identify and prioritize improvements.
  • Drive measurable delivery outcomes through reusable, self-service capabilities: shorten environment and pipeline setup time, accelerate delivery, improve software quality and consistency, and reduce risk and rework for product teams.

AI-Enabled Developer Experience and AI Governance

  • Lead secure, governed, organization-wide adoption of AI coding assistants (for example GitHub Copilot): define and enforce secure-coding policy, configure content exclusions and guardrails, and ensure AI-generated code is peer-reviewed and passes the enterprise security gates before merge.
  • Evaluate, pilot, and integrate agentic AI and AI coding-agent capabilities (for example Claude Code, GitHub Copilot agents, and comparable tools) into the developer platform - for test generation, code modernization, documentation, and pipeline automation - with constrained tool access, least-privilege permissions, and human-in-the-loop review; apply AI and large language model techniques to reduce toil and improve software quality.
  • Ensure AI solutions in the platform comply with applicable Federal AI mandates and AI governance frameworks and adhere to the NIST Control Overlays for Securing AI Systems (extending NIST SP 800-53), the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework; maintain an inventory of AI tools and AI-consuming processes and remediate shadow AI.

Policy-as-Code Governance, Supply-Chain, and Application Security

  • Develop and maintain a policy-as-code governance framework (for example Open Policy Agent and Rego, or comparable) that automates enforcement across software quality, supply-chain security, deployment, and infrastructure, blocking promotion on Critical/High findings, with automated audit-evidence generation, waiver and risk-acceptance management, and continuous compliance supporting NIST and RMF.
  • Implement software supply-chain security controls in the pipeline (SBOM generation and validation, container image signing, approved-registry enforcement, and license-compliance checks) and Infrastructure-as-Code governance (for example a Terraform governance framework) so cloud and infrastructure changes are validated for security and compliance before deployment.
  • Integrate and tune SAST, DAST, SCA, container, and IaC security scanning (for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) into the golden-path pipelines with policy-gated enforcement, and foster shift-left secure coding aligned to the OWASP Top 10 and NIST SP 800-53, supporting teams in remediating vulnerabilities to defined security standards.

Enablement, Community, and Technical Leadership

  • Author and maintain guidance, practice guides, training, and internal developer portals (GitHub Pages, SharePoint); facilitate the developer community of practice through knowledge-sharing and outreach; and report on teams not using required DevSecOps tools, with the actions taken to promote adoption.
  • Serve as the developer-experience subject-matter expert: mentor engineers, solution architects, and SREs; set platform standards; and influence FDIC stakeholders and executive leadership on platform direction and developer-productivity strategy.
  • Ensure platform changes follow FDIC Change Control Board (CCB) procedures and comply with FDIC, Federal, and industry security frameworks (NIST, FISMA), and partner with the DevSecOps, AppSec, and architecture leads so golden paths embed the enterprise security and zero-trust controls rather than bypassing them.

REQUIRED QUALIFICATIONS

  • U.S. Citizen.
  • Must be able to obtain and maintain a Public Trust determination.
  • As a named Key Personnel position, the candidate may be required to participate in client presentations or interviews.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Software Engineering, or a closely related technical discipline. In lieu of degree, 4 additional years of directly relevant experience may substitute.

Experience

  • Minimum 12 years of progressive software-engineering or platform-engineering experience, including hands-on software development (12-15 years is typical for this senior subject-matter-expert level), with at least 3 recent, hands-on years (typically within the past 1-2 years) building developer-experience or internal-developer-platform capabilities - self-service templates, golden paths, or reusable CI/CD pipelines - in a large enterprise environment.
  • Demonstrated recent, hands-on experience architecting reusable, policy-enforced CI/CD pipelines on an enterprise CI/CD platform (for example GitHub Actions, Harness, or comparable), authoring reusable templates and starter patterns adopted by multiple teams, with the ability to apply these patterns to a GitHub-based toolchain (GitHub Enterprise Server and GitHub Actions).
  • Demonstrated experience designing self-service tooling with built-in security, compliance, and quality guardrails - policy-as-code and templated security gates (for example Open Policy Agent/Rego) - rather than bypassing them.
  • Hands-on experience implementing Kubernetes-native deployment (automated manifest generation, progressive-delivery strategies, health verification, and secure deployment of signed artifacts) on Microsoft Azure (AKS) or comparable.
  • Experience implementing software supply-chain security controls (SBOM, image signing, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation supporting NIST and RMF, and integrating application-security testing (SAST, DAST, SCA, container, and IaC scanning) into CI/CD pipelines with policy-gated enforcement grounded in the OWASP Top 10 and NIST SP 800-53.
  • Proven experience treating a developer platform or toolchain as a product (managing a backlog and roadmap, releasing on an Agile cadence, measuring adoption and productivity outcomes), with proficiency in at least one modern programming language (for example Python, Java, JavaScript/TypeScript) for platform tooling, automation, and integrations.
  • Demonstrated experience enabling secure, governed adoption of AI coding assistants (for example GitHub Copilot) and applying AI or large language model capabilities to developer-productivity or software-delivery workflows, with working knowledge of the AI attack surface (OWASP Top 10 for LLM Applications) and AI security controls (NIST AI Risk Management Framework and Control Overlays for Securing AI Systems).
  • Demonstrated technical leadership: mentoring engineers, solution architects, and SREs, influencing stakeholders or executive leadership on technical direction, and building and sustaining a developer community of practice.

Technical Skills

  • GitHub Enterprise Server (self-managed) and GitHub Actions; reusable workflows, starter repositories, and templated pipelines; self-service platform / golden-path design with policy-as-code guardrails (for example OPA/Gatekeeper)
  • Infrastructure as Code (Terraform, Bicep) and IaC governance; Kubernetes/AKS and Kubernetes-native progressive delivery; container fundamentals (Docker, Helm, Flux)
  • Software supply-chain security (SBOM generation/validation, container image signing such as cosign, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation (NIST, RMF)
  • Application-security testing integration (SAST, DAST, SCA, container, and IaC scanning - for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) with policy-gated gates; OWASP Top 10 and NIST SP 800-53 secure-coding coverage
  • Python, Java, or JavaScript/TypeScript for platform tooling and automation; developer portals and documentation platforms (GitHub Pages, SharePoint; Backstage or comparable a plus); developer-productivity and delivery metrics (DORA-style)
  • Generative and agentic AI for development (for example GitHub Copilot, Claude Code, Copilot agents) with constrained tool access and least-privilege controls; secure review of AI-generated code
  • AI governance and AI security: OWASP Top 10 for LLM Applications, NIST AI Risk Management Framework, and the NIST Control Overlays for Securing AI Systems
  • Agile/Scrum delivery and product-management practices for an internal platform

PREFERRED QUALIFICATIONS

  • Certified ScrumMaster (CSM), SAFe, or a comparable Agile delivery credential.
  • Security credential such as Certified Secure Software Lifecycle Professional (CSSLP), CISSP, or GIAC Cloud Security Automation (GCSA).
  • Cloud or IaC credential such as Microsoft Certified: Azure DevOps Engineer Expert (AZ-400), HashiCorp Certified: Terraform Associate, or Certified Kubernetes Administrator (CKA/CKAD).
  • Experience supporting a large, complex enterprise DevSecOps platform (many application teams, large repository count, high pipeline volume) with the ability to operate independently from Day 1, ideally in a FISMA Moderate, regulated-financial, or comparable federal environment subject to formal change control and security governance.
  • Experience standing up or maturing an internal developer platform / platform-engineering function and demonstrably improving developer-productivity metrics.
  • Backstage or comparable internal developer portal; inner-source program design and developer-community building at enterprise scale.
  • Familiarity with the FDIC self-managed toolchain ecosystem (GitHub Advanced Security, JFrog Artifactory/Xray, SonarQube, Subject7) and AKS-based deployment (Helm, Flux).
  • Federal AI governance fluency: OMB AI memoranda (M-25-21, M-25-22), NIST AI 600-1 Generative AI Profile, and emerging AI-management credentials (for example ISO/IEC 42001).

WORK ENVIRONMENT / OTHER

  • Position may require participation in on-call or surge support activities to maintain high availability for FDIC Mission Essential and Mission Critical applications. Standard shift is Day; occasional off-hours support may be required for planned maintenance windows and incident response coordination.

This is a primarily remote position; occasional on-site presence at FDIC headquarters (Arlington, VA) may be required as needed.

Minimal travel.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting:

July 2, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $131,300.00 - $237,350.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.


About Leidos

Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health. The company's global workforce of 48,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023.

Leidos was cited for the meaningful work employees perform that is challenging, impactful, and aligned with our customers’ missions as reasons professionals want to work and stay at our company. Leidos has also been named to lists including Forbes’ Best Employers for Diversity, Forbes’ America’s Best Employers for Women, Military Times Best for Vets Employers, and Ethisphere Institute’s World's Most Ethical Companies®.

Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Employees appreciate our flexible work environment, allowing for and encouraging a true work-life balance. Our professionals are also excited about our Employee Resource Groups, like the Collaborative Outreach with Remote and Embedded Employees (CORE), which strives to create an environment where every employee, regardless of location, feels fully engaged as a valued employee of Leidos.

Your most important work is ahead, visit careers.leidos.com for our latest opportunities.

Industry: Aviation & Aerospace
Company Size: 10,000+ employees
Headquarters: Reston, Virginia
Year Founded: 1969