Cloud Security & DevSecOps Consultant (AWS)

About The Position

Requirements

• Proven experience architecting and operating AWS-based security and compliance solutions
• Hands-on experience with Terraform for infrastructure and security control implementation
• Strong knowledge of AWS Control Tower, Organizations, and Service Control Policies (SCPs)
• Experience configuring AWS Config rules and automated remediation
• Experience building CI/CD pipelines (GitHub Actions, Jenkins, or CircleCI)
• Proficiency in Python for automation and scripting
• Experience working in customer-facing technical roles
• Must be authorized to work in the United States without sponsorship

Nice To Haves

• AWS Security Specialty certification
• Experience with AWS Outposts environments
• Experience supporting large-scale enterprise cloud migrations

Responsibilities

• Cloud Strategy & Advisory: Partner with customers to shape their cloud adoption journey, providing both technical and strategic guidance
• Design, plan, and implement secure cloud architectures aligned with business and compliance requirements
• Serve as a trusted advisor and deep technical resource to customers
• Security Architecture & Automation: Design and implement automated security and compliance solutions in AWS
• Develop and maintain Infrastructure-as-Code (IaC) solutions using Terraform
• Build and operate CI/CD pipelines (GitHub Actions, Jenkins, CircleCI) for security automation
• Develop Python-based automation for provisioning, compliance enforcement, and remediation
• Governance, Risk & Compliance: Implement AWS Control Tower guardrails and Service Control Policies (SCPs)
• Configure AWS Config rules with automated remediation workflows
• Develop and enforce policy-as-code frameworks (preventative, detective, responsive controls)
• Align implementations with industry standards such as CIS AWS Foundations
• Security Monitoring & Analytics: Design and deploy centralized security monitoring and analytics frameworks
• Implement AWS-native security services, including: Security Hub (centralized findings aggregation), GuardDuty (threat detection), Macie (sensitive data discovery), Inspector (vulnerability management)
• Enable observability and auditing via CloudTrail, VPC Flow Logs, and CloudWatch
• Platform Engineering & Framework Development: Build self-service account provisioning frameworks using CI/CD pipelines
• Develop scalable landing zone and account baseline architectures
• Create reusable Terraform modules and automation frameworks
• Design reference architectures and implementation playbooks
• Customer Enablement & Thought Leadership: Create high-quality technical content (playbooks, runbooks, white papers, reference architecture)
• Translate customer needs into actionable solutions and measurable outcomes
• Contribute to blogs, case studies, and internal knowledge sharing
• Provide feedback to influence product roadmaps and service enhancements
• Sample Engagement Activities: Develop self-service AWS account provisioning frameworks with automated pipelines
• Implement security baselines and SCPs aligned to compliance requirements
• Build policy-as-code frameworks for automated governance enforcement
• Design and deploy centralized security analytics dashboards
• Create playbooks and runbooks with supporting code examples
• Implement enterprise-scale security controls and monitoring solutions