Knox Systems, Inc.

• Define and own Knox’s DevOps and Platform Engineering strategy, roadmap, and operating model. • Build, lead, and scale a multi-disciplinary organization of DevOps Managers, Platform Engineers, and SREs. • Establish clear ownership models, career paths, performance standards, and succession planning. • Champion a DevSecOps culture focused on automation, reliability, accountability, and continuous improvement. • Serve as the executive escalation point for platform reliability, deployment risk, and operational maturity. • Set architectural direction for multi-cloud infrastructure using Infrastructure as Code. • Ensure platform designs and automation meet FedRAMP Moderate/High requirements and NIST 800-53 controls. • Own the enterprise CI/CD strategy supporting multiple product and engineering teams. • Define and track DORA metrics, deployment success rates, and release reliability KPIs. • Partner with NOC and Security teams to improve detection, alerting, and incident response.

• Build and manage infrastructure across AWS, Azure, and GCP using IaC tools (Terraform, Ansible, CloudFormation). • Automate provisioning, configuration, and deployment workflows via CI/CD. • Implement and maintain GitOps pipelines to enforce version-controlled, auditable infrastructure changes. • Manage cloud networking, IAM, and security group configurations aligned to FedRAMP controls. • Develop and maintain CI/CD pipelines using GitHub Actions, GitLab CI, Azure DevOps, or Jenkins. • Integrate Policy-as-Code frameworks (OPA, HashiCorp Sentinel, or Azure Policy) for compliance enforcement. • Embed automated validation, testing, and security scans into pipeline workflows. • Automate deployment of dashboards, alerts, and metrics using tools like Grafana, CloudWatch, Datadog, or Azure Monitor. • Define and track Service Level Indicators (SLIs) and Objectives (SLOs) for critical services. • Partner with CloudOps to improve incident detection and proactive remediation. • Manage secrets, credentials, and API tokens using KMS, Key Vault, or Vault. • Integrate pipelines with federated identity providers (Azure AD, AWS IAM Identity Center, Okta). • Enforce least-privilege and credential rotation policies across automation systems. • Build, deploy, and manage containerized workloads using EKS, AKS, or GKE. • Implement Helm, ArgoCD, or Kustomize for automated container deployments. • Troubleshoot networking and application issues within Kubernetes environments. • Maintain IaC and CI/CD configurations compliant with FedRAMP and NIST 800-53 standards. • Automate audit evidence generation for CM-2, CM-6, AU-2, and SC-12 controls. • Collaborate with FinOps to monitor and optimize cloud usage and cost efficiency.

• Serve as a security point of contact for external customers deploying into regulated cloud environments. • Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments. • Review customer security documentation, architectures, and deployment workflows against platform security requirements. • Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers. • Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53. • Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting. • Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows. • Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry. • Operate CrowdStrike as part of the core CNAPP enforcement and DevSecOps control. • Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance. • Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking. • Use application security tools (e.g., Burp Suite) to support internal testing and remediation. • Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production. • Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform. • Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites. • Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access. • Detect and remediate configuration drift using CSPM and automated workflows. • Secure Kubernetes clusters and containerized workloads to approved security baselines.