Job Description
Everforth ECS is seeking a DevSecOps/Supply Chain Lead SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
This role defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within WDP Core Integration deployment pipelines, establishing and enforcing supply chain risk governance across Kubernetes, VMware, GitLab CI, and artifact repositories to protect AI and machine learning model serving missions across all classification enclaves.
• Defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within War Data Platform (WDP) Core Integration deployment pipelines supporting artificial intelligence and machine learning model serving missions for Department of War programs, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
• Establishes governance for all serving artifacts by developing vulnerability-classification standards, remediation pathways, and deploy-blocking criteria aligned with mission assurance requirements and cross-domain security architectures.
• Coordinates remediation service-level agreements with engineering teams by directing triage workflows, validating corrective actions, and maintaining authoritative records of vulnerability disposition across Kubernetes clusters, VMware environments, GitLab Continuous Integration pipelines, SonarQube dashboards, Tenable Nessus scans, and artifact repositories.
• Implements DevSecOps supply-chain methodologies to validate software provenance, dependency integrity, and hardened configuration baselines for all model-runtime components, API endpoints, and deployment templates.
• Produces mission-critical deliverables—including scanning policy documentation, acceptance threshold definitions, remediation tracking reports, operational risk assessments, and release governance artifacts.
• Leads collaboration with Platform One, Cloud One, multi-national engineering teams, and cross-service mission partners to strengthen operational readiness, reinforce deployment consistency, and advance program value commitments across all enclaves.
• Supports Tier-4 incident response actions by providing authoritative vulnerability evidence, remediation guidance, and supply chain integrity documentation required for rapid triage and sustained mission performance.
• Performs other duties as assigned.