VTG

Senior Software Configuration Manager / DSO Architect

VTG · Washington, District of Columbia, United States

Defense and Space Manufacturing · 1,001-5,000 employees

17 h ago
Remote Principal (10+ yrs) Full-time United States
Log in to apply, save this posting, or score it against your profile with AI.

About the role

The role serves as the technical authority for configuration management and DevSecOps architecture, designing and owning the end-to-end strategy for source control and release engineering. Key duties include governing GitLab workflows, hardening CI/CD pipelines, and leading the Change Control Board to ensure software supply chain security.

What they look for

Software Configuration Management DevSecOps Architecture GitLab Administration CI/CD Pipeline Design Release Engineering Python Bash Ruby Software Supply Chain Security Baseline Governance Change Control Board Leadership Automation Engineering Identity and Access Management SBOM Generation Technical Leadership Stakeholder Communication

Requirements

Requires US citizenship, a DoD Secret clearance, and 8+ years of experience in SCM or DevSecOps (12+ without a degree). Candidates must have 5+ years of hands-on GitLab architecture experience and proficiency in scripting languages like Python, Bash, or Ruby.

Full description

Overview

VTG is seeking a Senior Software Configuration Manager to serve as the technical authority and strategic architect for all configuration management and DevSecOps practices across the program. This is not a role for someone who maintains the process — it is a role for someone who designs it, owns it, and drives it forward. You will set the technical direction for source control, baseline governance, pipeline security, and release engineering while operating as a peer to software architects and senior engineers. Your decisions will shape how the program builds, integrates, and delivers software in a mission-critical, cloud-based GitLab environment.

What will you do?

This position holds technical ownership of the configuration management architecture across all development, testing, staging, and production environments. The Senior SCM Architect is accountable for establishing disciplined, automated, and auditable configuration control practices that reduce integration risk, enable rapid delivery, and preserve the technical continuity of an evolving software capability. You will serve as the program’s subject matter expert on DevSecOps tooling, baseline governance, and software supply chain security — advising program leadership and government stakeholders on configuration risk, readiness, and strategy. You will be expected to lead, mentor, and technically develop the configuration management function, building a repeatable and scalable CM capability that survives personnel changes.

Technical Leadership & Architecture

  • CM Strategy & Roadmap: Define and own the end-to-end CM architecture strategy, including toolchain selection, workflow standards, and long-range roadmap for DevSecOps maturity.
  • Technical Authority: Serve as the technical authority on all configuration management decisions; advise program leadership, systems architects, and government customers on configuration risk and readiness.
  • DevSecOps Transformation: Drive DevSecOps modernization — identifying automation opportunities, maturing pipeline security, and retiring manual processes across the software lifecycle.
  • Team Development: Mentor and technically develop junior CM engineers and adjacent DevOps personnel; build a CM function that is resilient to personnel turnover.

Baseline & Release Engineering

  • Baseline Architecture: Architect, define, and govern release baselines and configuration items (CIs) across the full software lifecycle; establish and enforce release gating criteria.
  • GitLab Workflow Governance: Standardize and enforce Git-based workflows (branching strategy, merge request governance, tagging, and release procedures) at an enterprise scale.
  • CI/CD Pipeline Design: Design, maintain, harden, and continuously improve CI/CD pipelines using .gitlab-ci.yml; own pipeline reliability, security scanning integration, and deployment velocity.

Security, Compliance & Change Control

  • Access & Identity Architecture: Implement and maintain enterprise-grade permission models, SSO/SAML integrations, and project-scoped GitLab Runners; own the identity and access architecture for the GitLab environment.
  • Security & Compliance: Enforce software supply chain security practices, including dependency scanning, SBOM generation, and embedded scan orchestration within the CI/CD pipeline.
  • Change Control Board Leadership: Chair or co-chair the Change Control Board (CCB); establish and mature the change management process, ensuring traceability from requirement through production deployment.
  • Automation Engineering: Utilize scripting (Python, Bash, Ruby) to design and implement automation that eliminates manual CM toil and enforces policy programmatically.

Program Engagement

  • Technical Documentation: Create and maintain authoritative documentation for software functional and performance characteristics in support of cybersecurity, Authorization to Operate (ATO), and information security requirements.
  • Stakeholder Communication: Proactively communicate configuration risk, environment changes, release readiness, and pipeline health to program leadership and government stakeholders.

Do you have what it takes?

Required:

  • US citizenship and the ability to attain/maintin a DoD SECRET Security Clearance.
  • Bachelor’s degree with 8+ years of experience (or 12+ years without degree) in software configuration management, release engineering, or DevSecOps — with a clear record of progressive technical leadership.
  • 5+ years of hands-on experience architecting and administering mid- to large-scale GitLab environments, including pipelines, Runners, and access management.
  • Demonstrated experience serving as a technical lead, CM architect, or principal engineer on a program of record — not solely as an individual contributor.
  • Strong proficiency in scripting languages (Python, Bash, or Ruby) used to build automation, enforce configuration policy, and reduce operational toil.
  • Deep, hands-on understanding of DevSecOps practices including CI/CD, pipeline security, SBOM, and software supply chain integrity.
  • Demonstrated ability to communicate complex technical concepts to non-technical stakeholders, program leadership, and government customers.

Desired:

  • Active DoD SECRET (or higher) Security Clearance.
  • DoD 8570.01-M IAT Level II certification (Security+, SSCP, CND, CCNA Security, or equivalent).
  • Experience in RAISE DevOps environments or equivalent classified cloud delivery platforms.
  • Experience supporting Authorization to Operate (ATO) activities, RMF documentation, or STIG compliance.
  • Prior experience as a lead engineer, solutions architect, or chief engineer on a DoD program of record.
  • Master’s degree in Computer Science, Systems Engineering, or a related technical discipline.

Pay Range: VTG’s estimated starting salary is $120,000 - $160,000 which is a general guideline for the geographic location. When extending an offer, VTG also considers work experience, education, skill level, market considerations and may possibly include contractual requirements which may cause an offer to fall outside of this range.