[Hiring] Chief Security Architect, Developer Experience @Leidos

Role Description

Wanted: The architect who sees that the ATO process isn't a compliance problem—it's an engineering problem—and knows how to build the solution.

Large-scale software delivery in regulated, defense-focused environments runs into the same wall everywhere you look. The compliance process was designed to create an audit trail. It wasn't designed to enforce security. SSPs capture intent. ATOs authorize environments at a point in time. And by the time the ink is dry, the system has already moved.

The developers building mission-critical software know this pattern. The security organizations know it too. The question has never been whether this model needs to change—it's whether anyone has the engineering depth and the security credibility to build something that actually replaces it.

That's why this role exists.

We're building the platform that is transforming how thousands of Leidos engineers build and deliver software. At the center of that platform is a fundamental re-architecture of how compliance works: not as a gate you pass through, but as code woven into the infrastructure itself. Policy-as-code. Continuous compliance evidence. A platform ATO that programs inherit rather than pursue on their own.

The goal is a platform that the enterprise security organization looks at and says: this is the thing we've been trying to build for years. These people aren't going around us. They're handing us superpowers.

You're the person who builds it. And you're the person who makes that realization inevitable.

What You'll Do

• Architect the compliance engine.
• Own the platform ATO strategy.
• Be the enterprise security team's most important technical partner.
• Build the agentic AI security model.
• Own security architecture across the developer platform.
• Lead the supply chain security effort.
• Drive ATO process re-architecture.

Who You Are

• A builder, not a reviewer.
• Fluent in compliance, but not captured by it.
• A translator.
• Patient and persistent with organizational change.
• Clear-eyed about the mission.

What You’ll Face

• A compliance process built for steady-state operations being applied to a build phase that requires a fundamentally different engagement model.
• A corporate security organization that understands the problem and wants velocity.
• Agentic AI tooling that is arriving faster than enterprise security controls can be designed for it.
• The bootstrapping paradox: using the manual compliance process to build the tool that automates the manual compliance process.
• Programs that need platform ATOs now and a platform that isn't mature enough yet to grant them.

Your Technical Impact

• Design and deliver the policy-as-code infrastructure that enforces compliance at deployment.
• Establish continuous compliance evidence generation.
• Build the agentic AI security architecture.
• Architect the path to a platform-level ATO that programs can inherit.
• Lead the software supply chain security effort.
• Be the technical voice that turns the security team–DevEx relationship into a genuine partnership.

Qualifications

• Masters degree in Computer Science, Information Security, Software Engineering, or related technical field.
• 15+ years of experience in security architecture, DevSecOps, platform security, or related disciplines—with significant hands-on work, not just advisory roles.
• Deep expertise in policy-as-code tooling: Open Policy Agent (OPA), Kyverno, Rego, Sentinel, or equivalent.
• Strong working knowledge of compliance frameworks: NIST 800-53, NIST 800-171, NIST 800-160, FedRAMP, DoD IL4/IL5/6, RMF, CMMC.
• Hands-on experience with container and Kubernetes security.
• Experience with CI/CD pipeline security.
• Familiarity with software supply chain security.
• Experience designing security for AI-assisted development environments.
• Proven ability to engage effectively with security and compliance stakeholders.
• Excellent communication skills.
• U.S. citizenship required; ability to obtain and maintain a security clearance.

Preferred Qualifications

• Direct experience with USAF Platform One, DISA Repo One, or equivalent DoD DevSecOps programs.
• Background working with 3PAOs, DCMA, or other external auditors.
• Hands-on experience with Wiz, Prisma Cloud, Orca, or equivalent cloud security posture management platforms.
• Familiarity with RegScale, Telos Xacta, or equivalent GRC tooling.
• Experience building or operating an Internal Developer Portal with security capabilities integrated.
• CISSP, CCSP, or equivalent security certifications (valued but not required).

Original Posting

April 15, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range

Pay Range $154,050.00 - $278,475.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.