Overview
By Light is seeking personnel to provide comprehensive support for the Defense Contract Management Agency (DCMA) Facilities Management team in the implementation and sustainment of a Computer-Aided Facility Management (CAFM) software solution.
This engagement, titled “DCMA CAFM SaaS Support Services,” encompasses a base year plus four option years (September 30, 2025 – September 29, 2030), and will facilitate the optimization of facility operations across DCMA’s nationwide and overseas portfolio, totaling over 1.3 million square feet.
By Light will deliver a FedRAMP-approved, Impact Level 4 SaaS solution and a full spectrum of professional services, including system implementation, software development, system administration, help desk customer support, virtual and on-site training, and ongoing cybersecurity management.
The CAFM system is required to streamline space planning, asset and lease tracking, capital and building operations management, and reporting, while enabling seamless integration with Autodesk and compliance with all applicable DoD cybersecurity and accessibility standards.
Responsibilities
- Lead the design, implementation, and ongoing management of secure Continuous Integration/Continuous Deployment (CI/CD) pipelines for the DCMA Computer-Aided Facility Management (CAFM) SaaS environment, ensuring rapid, reliable, and secure delivery of software enhancements and patches.
- Enforce DevSecOps best practices to integrate security at every phase of the software development lifecycle by automating vulnerability scanning, code analysis, compliance checks, and remediation processes.
- Collaborate with software developers, cybersecurity analysts, and system administrators to architect highly available, scalable, and compliant cloud-based solutions in accordance with FedRAMP and DoD Security Technical Implementation Guides (STIGs).
- Maintain, monitor, and improve infrastructure-as-code deployments, configuration management, and patch management processes across multiple environments (development, test, staging, production).
- Ensure all systems, services, and tools meet or exceed RMF, NIST 800-53, IL4, and other DoD cybersecurity requirements and support FISMA compliance.
- Automate deployment, monitoring, backup, and disaster recovery strategies to ensure system resilience and business continuity.
- Lead efforts to assess and mitigate risks associated with software supply chain, open-source software usage, and third-party integrations.
- Document DevSecOps processes, configuration changes, and provide training and mentorship to intermediate DevSecOps and development team members.
- Evaluate new tools and technologies to enhance automation, monitoring, and security in the CAFM development and operational environments.
- Participate in Agile sprints, provide input to sprint planning, and collaborate in cross-functional team meetings to align DevSecOps activities with overall project objectives.

Required Experience/Qualifications
- Bachelor’s Degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.
- Minimum 7 years’ experience in DevOps/DevSecOps roles, with at least 3 years supporting cloud-based (SaaS) solutions in DoD, federal, or critical infrastructure environments.
- Demonstrated expertise in the deployment and administration of secure CI/CD pipelines, container orchestration (e.g., Docker, Kubernetes), and infrastructure-as-code tools (e.g., Terraform, Ansible).
- Experience implementing security automation tools for code analysis, vulnerability scanning, and compliance validation within a DevSecOps workflow.
- Deep knowledge of FedRAMP, NIST 800-53, RMF, and DoD cloud/security controls.
- Hands-on experience with cloud platforms (e.g., AWS GovCloud, Azure Government, or equivalent environments).
- Proficiency with scripting languages (e.g., Python, Bash, PowerShell) and version control systems (e.g., Git, GitLab).

Preferred Experience/Qualifications
- Master’s Degree in Information Security, Computer Science, or related domain.
- Experience supporting CAFM, asset management, or facilities management SaaS solutions in federal or DoD settings.
- Experience conducting, documenting, and remediating results of Authority to Operate (ATO) packages and other formal system accreditation processes.
- Industry certifications such as:
  - Certified DevSecOps Professional (CDP)
  - Certified Kubernetes Administrator (CKA)
  - AWS Certified DevOps Engineer or Azure DevOps Expert
  - CompTIA Security+, CASP+, or CISSP (for security emphasis)
  - GIAC Certified DevSecOps Professional
- Familiarity with Section 508 accessibility requirements and secure software supply chain management.
- Experience mentoring or leading DevSecOps teams.

Special Requirements/Security Clearance
U.S. citizenship required.

By Light recognizes that our strength is our people.
We support every employee as an individual to build strong teams across the enterprise.
Our benefit package includes:
- Medical, Dental & Vision Coverage
- Wellness Program
- 401(k) Matching
- Disability (Short Term & Long Term)
- Employee Assistance Program
- Life Insurance
- Education & Training
- Generous Leave Policy (11 Federal Holidays, PTO, and Military Leave)

By Light is an Equal Opportunity and Affirmative Action Employer.
All qualified candidates will receive consideration regardless of gender, race, veteran status, disability, and any other protected class in accordance with federal, state and local laws.