Job Description
Seeking a higly qualified DevSecOps Cloud Engineer to provide cloud engineering, DevSecOps automation, and security integration services. The Contractor will support ongoing modernization initiatives, improve the Client's cloud security posture, and implement DevSecOps best practices across Amazon Web Services (AWS) and Google Cloud Platform (GCP) environments.
Responsibilities
Cloud Architecture & Security (AWS & GCP)
- Design, implement, and optimize secure cloud architectures in AWS and GCP
- Conduct IAM reviews and implement least-privilege access models
- Harden identity boundaries and access controls
- Implement and configure cloud-native security services, including:
- AWS GuardDuty, Config, CloudTrail, Security Hub
- GCP Security Command Center, Cloud Armor, Cloud Logging & Monitoring
- Ensure encryption of data at rest and in transit
- Manage encryption key lifecycles using AWS KMS and GCP Cloud KMS
DevSecOps Pipeline Implementation
- Design, build, and maintain CI/CD pipelines with integrated security controls
- Implement automated security testing, including:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Software Composition Analysis (SCA)
- Embed security gates into DevOps workflows such as GitHub Actions, Jenkins, and GitLab
- Integrate and manage secrets using AWS Secrets Manager, GCP Secret Manager, and enterprise secrets management tools
Infrastructure as Code (IaC) & Automation
- Develop and maintain Infrastructure as Code using Terraform, Ansible, and AWS CloudFormation
- Implement Policy-as-Code using OPA Gatekeeper and Terraform Sentinel
- Automate provisioning and deployment of cloud networking, compute, storage, and security resources
Containers & Security
- Support Docker and Kubernetes-based workloads and containerized applications
- Implement container and cluster hardening, including Pod Security Standards, RBAC tightening, and secure image/runtime configurations
- Integrate vulnerability management and scanning solutions
- Configure service mesh or zero-trust networking models where applicable
Monitoring, Logging & Incident Response
- Configure and integrate monitoring and observability tools such as Zabbix, Prometheus, Grafana, AWS CloudWatch, and GCP Cloud Logging & Monitoring
- Build dashboards and alerts for performance, security events, and compliance tracking
- Support incident response activities, including threat analysis and root-cause investigations
Compliance & Governance
- Support compliance efforts aligned with NIST, SOC 2, ISO 2NA01, and FedRAMP (if applicable)
- Automate audit evidence collection where feasible
- Implement governance guardrails, tagging standards, and cloud account controls
Collaboration, Documentation & Knowledge Transfer
- Collaborate with technical leadership and internal development teams
- Provide recommendations for process improvements and tooling
- Operate with minimal supervision
- Adhere to security, architectural, and compliance standards
- Deploy and administer application hosting solutions including Windows and Linux servers, containers, databases, and file storage
- Enable DevSecOps pipeline capabilities such as security gates, CI/CD, testing, and application monitoring
- Optimize and automate infrastructure using Terraform, Ansible, GitHub Actions, and scripting
- Build interfaces and APIs to facilitate infrastructure usage by development teams
- Produce architecture diagrams, environment documentation, deployment instructions, and operational support documentation
- Provide cross-training and knowledge transfer to internal teams
Requirements
Technical Requirements
- Hands-on experience with Amazon Web Services (AWS) and Google Cloud Platform (GCP)
- Experience with DevSecOps automation and CI/CD pipelines
- Experience implementing Infrastructure as Code and automation tools
- Experience with Docker, Kubernetes, and container security
- Experience with cloud-native security services and monitoring tools
Job Tags
For contractors,