As the senior subject-matter expert for developer experience and platform enablement, this lead makes the secure path the easy path: designing self-service golden paths, reusable pipeline templates, and paved-road tooling - with built-in security, compliance, and quality guardrails - so product teams across a large, complex enterprise estate (Azure with AKS, AWS, on-premises, and mainframe systems) can build, test, and ship software faster and more safely. Treating the developer platform as a product, the lead releases improvements on an Agile cadence, measures and raises developer productivity and tool adoption, and leads secure, governed adoption of AI-assisted development. Serving as a technical leader, the lead mentors engineers, influences platform direction with FDIC stakeholders, and performs with little or no FDIC intervention.
PRIMARY RESPONSIBILITIES
Self-Service Platform and Golden Paths
- Develop and maintain templates, playbooks, and paved-road patterns that enable product-team self-service with built-in security, compliance, and quality guardrails, so the secure and compliant path is the default path - making the right thing the easy thing for delivery teams.
- Design reusable, chained, language-agnostic pipeline templates that separate project-owned delivery activities from enterprise-enforced governance and security validation, supporting multiple stacks (for example Java, Python, JavaScript/TypeScript, .NET, Go) and Infrastructure-as-Code so teams inherit the enterprise security gates automatically rather than building bespoke pipelines.
- Reduce friction and cognitive load across the inner-loop and outer-loop developer workflow while preserving policy-as-code controls, and ensure consistent use of approved DevSecOps frameworks, tools, and automation pipelines across application teams.
Developer Productivity and Continuous Improvement
- Treat the developer platform as a product: maintain a managed backlog and roadmap, release changes to tools, toolchains, and pipelines on a frequent, predictable Agile cadence, and assess and pilot emerging DevSecOps tools and practices where the value and security case is proven.
- Define, collect, and analyze developer-experience and productivity metrics (for example lead time, deployment frequency, change-failure rate, and developer-satisfaction signals) to identify and prioritize improvements.
- Drive measurable delivery outcomes through reusable, self-service capabilities: shorten environment and pipeline setup time, accelerate delivery, improve software quality and consistency, and reduce risk and rework for product teams.
AI-Enabled Developer Experience and AI Governance
- Lead secure, governed, organization-wide adoption of AI coding assistants (for example GitHub Copilot): define and enforce secure-coding policy, configure content exclusions and guardrails, and ensure AI-generated code is peer-reviewed and passes the enterprise security gates before merge.
- Evaluate, pilot, and integrate agentic AI and AI coding-agent capabilities (for example Claude Code, GitHub Copilot agents, and comparable tools) into the developer platform - for test generation, code modernization, documentation, and pipeline automation - with constrained tool access, least-privilege permissions, and human-in-the-loop review; apply AI and large language model techniques to reduce toil and improve software quality.
- Ensure AI solutions in the platform comply with applicable Federal AI mandates and AI governance frameworks and adhere to the NIST Control Overlays for Securing AI Systems (extending NIST SP 800-53), the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework; maintain an inventory of AI tools and AI-consuming processes and remediate shadow AI.
Policy-as-Code Governance, Supply-Chain, and Application Security
- Develop and maintain a policy-as-code governance framework (for example Open Policy Agent and Rego, or comparable) that automates enforcement across software quality, supply-chain security, deployment, and infrastructure, blocking promotion on Critical/High findings, with automated audit-evidence generation, waiver and risk-acceptance management, and continuous compliance supporting NIST and RMF.
- Implement software supply-chain security controls in the pipeline (SBOM generation and validation, container image signing, approved-registry enforcement, and license-compliance checks) and Infrastructure-as-Code governance (for example a Terraform governance framework) so cloud and infrastructure changes are validated for security and compliance before deployment.
- Integrate and tune SAST, DAST, SCA, container, and IaC security scanning (for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) into the golden-path pipelines with policy-gated enforcement, and foster shift-left secure coding aligned to the OWASP Top 10 and NIST SP 800-53, supporting teams in remediating vulnerabilities to defined security standards.
Enablement, Community, and Technical Leadership
- Author and maintain guidance, practice guides, training, and internal developer portals (GitHub Pages, SharePoint); facilitate the developer community of practice through knowledge-sharing and outreach; and report on teams not using required DevSecOps tools, with the actions taken to promote adoption.
- Serve as the developer-experience subject-matter expert: mentor engineers, solution architects, and SREs; set platform standards; and influence FDIC stakeholders and executive leadership on platform direction and developer-productivity strategy.
- Ensure platform changes follow FDIC Change Control Board (CCB) procedures and comply with FDIC, Federal, and industry security frameworks (NIST, FISMA), and partner with the DevSecOps, AppSec, and architecture leads so golden paths embed the enterprise security and zero-trust controls rather than bypassing them.
REQUIRED QUALIFICATIONS
- U.S. Citizen.
- Must be able to obtain and maintain a Public Trust determination.
- As a named Key Personnel position, the candidate may be required to participate in client presentations or interviews.
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Software Engineering, or a closely related technical discipline. In lieu of degree, 4 additional years of directly relevant experience may substitute.
Experience
- Minimum 12 years of progressive software-engineering or platform-engineering experience, including hands-on software development (12-15 years typical for this senior subject-matter-expert level), with at least 3 recent, hands-on years (typically within the past 1-2) building developer-experience or internal-developer-platform capabilities - self-service templates, golden paths, or reusable CI/CD pipelines - in a large enterprise environment.
- Demonstrated recent, hands-on experience architecting reusable, policy-enforced CI/CD pipelines on an enterprise CI/CD platform (for example GitHub Actions, Harness, or comparable), authoring reusable templates and starter patterns adopted by multiple teams, with the ability to apply these patterns to a GitHub-based toolchain (GitHub Enterprise Server and GitHub Actions).
- Demonstrated experience designing self-service tooling with built-in security, compliance, and quality guardrails - policy-as-code and templated security gates (for example Open Policy Agent/Rego) - rather than bypassing them.
- Hands-on experience implementing Kubernetes-native deployment (automated manifest generation, progressive-delivery strategies, health verification, and secure deployment of signed artifacts) on Microsoft Azure (AKS) or comparable.
- Experience implementing software supply-chain security controls (SBOM, image signing, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation supporting NIST and RMF, and integrating application-security testing (SAST, DAST, SCA, container, and IaC scanning) into CI/CD pipelines with policy-gated enforcement grounded in the OWASP Top 10 and NIST SP 800-53.
- Proven experience treating a developer platform or toolchain as a product (managing a backlog and roadmap, releasing on an Agile cadence, measuring adoption and productivity outcomes), with proficiency in at least one modern programming language (for example Python, Java, JavaScript/TypeScript) for platform tooling, automation, and integrations.
- Demonstrated experience enabling secure, governed adoption of AI coding assistants (for example GitHub Copilot) and applying AI or large language model capabilities to developer-productivity or software-delivery workflows, with working knowledge of the AI attack surface (OWASP Top 10 for LLM Applications) and AI security controls (NIST AI Risk Management Framework and Control Overlays for Securing AI Systems).
- Demonstrated technical leadership: mentoring engineers, solution architects, and SREs, influencing stakeholders or executive leadership on technical direction, and building and sustaining a developer community of practice.
Technical Skills
- GitHub Enterprise Server (self-managed) and GitHub Actions; reusable workflows, starter repositories, and templated pipelines; self-service platform / golden-path design with policy-as-code guardrails (for example OPA/Gatekeeper)
- Infrastructure as Code (Terraform, Bicep) and IaC governance; Kubernetes/AKS and Kubernetes-native progressive delivery; container fundamentals (Docker, Helm, Flux)
- Software supply-chain security (SBOM generation/validation, container image signing such as cosign, approved-registry and license-compliance enforcement) and continuous-compliance/audit-evidence automation (NIST, RMF)
- Application-security testing integration (SAST, DAST, SCA, container, and IaC scanning - for example SonarQube, GitHub Advanced Security/CodeQL, JFrog Xray, Aqua/Trivy) with policy-gated gates; OWASP Top 10 and NIST SP 800-53 secure-coding coverage
- Python, Java, or JavaScript/TypeScript for platform tooling and automation; developer portals and documentation platforms (GitHub Pages, SharePoint; Backstage or comparable a plus); developer-productivity and delivery metrics (DORA-style)
- Generative and agentic AI for development (for example GitHub Copilot, Claude Code, Copilot agents) with constrained tool access and least-privilege controls; secure review of AI-generated code
- AI governance and AI security: OWASP Top 10 for LLM Applications, NIST AI Risk Management Framework, and the NIST Control Overlays for Securing AI Systems
- Agile/Scrum delivery and product-management practices for an internal platform
PREFERRED QUALIFICATIONS
- Certified ScrumMaster (CSM), SAFe, or a comparable Agile delivery credential.
- Security credential such as Certified Secure Software Lifecycle Professional (CSSLP), CISSP, or GIAC Cloud Security Automation (GCSA).
- Cloud or IaC credential such as Microsoft Certified: Azure DevOps Engineer Expert (AZ-400), HashiCorp Certified: Terraform Associate, or Certified Kubernetes Administrator (CKA/CKAD).
- Experience supporting a large, complex enterprise DevSecOps platform (many application teams, large repository count, high pipeline volume) with the ability to operate independently from Day 1, ideally in a FISMA Moderate, regulated-financial, or comparable federal environment subject to formal change control and security governance.
- Experience standing up or maturing an internal developer platform / platform-engineering function and demonstrably improving developer-productivity metrics.
- Backstage or comparable internal developer portal; inner-source program design and developer-community building at enterprise scale.
- Familiarity with the FDIC self-managed toolchain ecosystem (GitHub Advanced Security, JFrog Artifactory/Xray, SonarQube, Subject7) and AKS-based deployment (Helm, Flux).
- Federal AI governance fluency: OMB AI memoranda (M-25-21, M-25-22), NIST AI 600-1 Generative AI Profile, and emerging AI-management credentials (for example ISO/IEC 42001).
WORK ENVIRONMENT / OTHER
- Position may require participation in on-call or surge support activities to maintain high availability for FDIC Mission Essential and Mission Critical applications. Standard shift is Day; occasional off-hours support may be required for planned maintenance windows and incident response coordination.
This is a primarily remote position; occasional on-site presence at FDIC headquarters (Arlington, VA) may be required as needed.
Minimal travel.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
Original Posting: July 2, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.