Lantana Consulting Group provides services and software for standards-based health-information exchange. We have established ourselves as a trusted leader in the industry with two decades of expertise in developing and deploying technical specifications and interoperability solutions. As a rapidly growing distributed, employee-owned company, we hire exceptional talent nationwide and offer flexible remote work arrangements. We take pride in our mission to improve public health and quality of care and to advance research.

Primary purpose: 

Manages and integrates DevSecOps practices across DevOps Engineering, Release Management, and Security operations. Ensures pipelines for software delivery are aligned with technical standards and comply with federal security frameworks. Leads and directs the team; plays an active role in implementing and problem-solving, guiding infrastructure integration, and driving project delivery. Acts as a key manager and technical liaison between internal teams and IT stakeholders to achieve organizational goals.

A successful candidate will do the following:

• Establish and drive the organization’s DevSecOps strategy, aligning practices with business objectives while ensuring continuous improvement in security, reliability, and delivery speed
• Mentor, coach, and develop team members, fostering a culture of collaboration, accountability, and technical excellence across the software development lifecycle.
• Partner with cross-functional stakeholders (such as engineering, product management, security, and operations) to define standards, implement best practices, and deliver secure, scalable, and high-performing solutions
• Communicate clearly with leadership, set priorities, and allocate resources strategically to ensure the team succeeds
• Serve as a subject-matter expert on federal IT security and compliance requirements; provide guidance on the implementation of NIST 800-53 controls, lead vulnerability assessments and remediation efforts, and ensure all systems and pipelines adhere to federal standards and industry best practices
• Leverage tools such as Jira and Confluence to support Agile management and streamline technical operations

• Master’s degree in Information Technology, Computer Science, or a related field with at least 10 years of progressive work experience; or Bachelor’s degree with at least 12 years of progressive work experience
• Demonstrated progression from technical roles to team-leadership positions in technology delivery
• Minimum of five (5) years of experience in security engineering, including applying NIST 800-53 controls, conducting SA&A processes, and remediating vulnerabilities in federal environments
• Minimum of three (3) years of experience managing technical teams, with a demonstrated ability to set priorities, allocate resources, and develop team capabilities
• Extensive background in DevOps and CI/CD implementation and a strong foundation in principles of software development
• Expertise integrating security practices and optimizing pipelines with tools such as Azure DevOps
• Experience developing and implementing strategic DevSecOps roadmaps that align with organizational objectives and federal compliance requirements, with a proven ability to translate technical requirements into implementation plans
• Demonstrated success creating, documenting, and implementing standardized processes for DevSecOps and release management as well as security protocols across multiple teams and projects
• Experience collaborating with cross-functional technical teams (such as software engineers, quality assurance, security, and infrastructure)
• Experience supporting federal agencies such as CDC or CMS
• Strong communication skills and experience providing updates to leadership 
• Experience using tools such as Jira and Confluence to document technical infrastructure, including Cloud environments, security protocols, and CI/CD pipelines 
• Strong understanding of data-encryption best practices (including enforcing policies for data at rest and in transit) and experience responding  to security threats 
• Ability to work and thrive in a fast-paced environment 
• Must be able to obtain and maintain a Public Trust Level 5 clearance.

Preferred qualifications:

• Familiarity with Cloud-based development and deployment environments
• Proven ability to implement and manage containerized applications using Docker and Kubernetes in Cloud-based environments
• History of streamlining operational workflows through automation using languages such as Python, PowerShell, or Bash
• Experience collaborating with development and infrastructure teams to support release-management efforts 
• Proven experience designing and automating secure, scalable Azure infrastructure using IaC tools such as Terraform and Ansible, with supporting diagrams and runbooks
• Experience implementing automated testing and security-monitoring solutions to support compliance, key management, and system reliability in Cloud environments
• Familiarity with CDC’s Continuous Monitoring tools such as Tenable and Fortify
• Current CompTIA Security+ certification or equivalent

Additional information:

• We are a remote organization, but we prioritize in-person collaboration during key events such as our annual company meeting. 
• We are an equal-opportunity employer. All qualified applicants for current openings will be considered for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, or other non-merit based factors. 
• For this position, the candidate must reside in the United States.