DevSecOps Cloud Engineer

ECS Tech Inc, Fairfax, VA

About The Position

Summary: Hands-on infrastructure engineer who owns the day-to-day provisioning, configuration, and operation of all AWS and Azure cloud resources supporting ECS DevLabs. This role is the person writing the Terraform, managing the EKS clusters, configuring IAM policies, maintaining networking, and operating the Big Bang platform. Works closely with the Platform Engineering Lead on architecture decisions and the Security & Compliance Engineer on hardening and control implementation. This is a deeply technical, hands-on role. The DevSecOps Cloud Engineer writes infrastructure-as-code, debugs cluster issues, configures security services, and keeps the platform running — not managing people or setting strategy. The "DevSecOps" in the title reflects that security is embedded in every infrastructure decision, not bolted on afterward.

Requirements

  • 10+ years in cloud infrastructure engineering with AWS (required).
  • Strong Terraform expertise (module authoring, state management, multi-account patterns).
  • Kubernetes administration experience (EKS preferred; node management, RBAC, networking, troubleshooting).
  • Helm chart development and GitOps workflows (Flux or ArgoCD).
  • AWS networking (VPC design, load balancing, DNS, security groups, NAT, VPN).
  • IAM architecture (policies, roles, cross-account trust, OIDC federation, IRSA/PIA).
  • AWS security services (Security Hub, GuardDuty, WAF, CloudTrail, KMS, Config).
  • SOPS and secrets management patterns.
  • PostgreSQL administration fundamentals (RDS configuration, backups, parameter tuning).
  • Scripting (Bash, Python, or Go for automation).
  • Understanding of NIST 800-53 / CMMC controls as they apply to infrastructure.

Nice To Haves

  • Experience with hardened Kubernetes distributions (Big Bang, Iron Bank) preferred.
  • Azure experience (Entra ID, networking, VMs) preferred but not required.

Responsibilities

Infrastructure as Code

  • Write and maintain Terraform for all AWS infrastructure (EKS, RDS, VPC, IAM, S3, CloudFront, Route 53, KMS, WAF).
  • Manage Terraform state files, backend configurations, and module versioning.
  • Implement infrastructure changes through merge requests with peer review.
  • Maintain reusable Terraform modules (VPC, RDS, IRSA, ELB, node pools).
  • Author and maintain Azure Terraform where applicable (Entra DS, VMs, networking).
  • Handle cloud account onboarding (new AWS accounts, Azure subscriptions).

EKS & Kubernetes Operations

  • Manage EKS cluster lifecycle (version upgrades, node group scaling, AMI updates).
  • Maintain and upgrade Platform One Big Bang components (Istio, Keycloak, Flux, NeuVector, Grafana, Prometheus, Alert Manager, and many others).
  • Configure and manage Flux GitOps manifests and Helm chart deployments.
  • Manage SOPS-encrypted secrets and AWS Secrets Manager entries.
  • Troubleshoot cluster issues (pod scheduling, resource contention, Istio routing, certificate expiration).
  • Manage Kustomization overlays for environment-specific configurations.
  • Coordinate Big Bang version upgrades with SRE for zero-downtime rollouts.

Networking & Security Services

  • Configure and maintain VPCs, subnets, security groups, NAT gateways, and route tables.
  • Manage load balancers (ALB, NLB) and target group configurations.
  • Maintain ACM certificates and Route 53 DNS records.
  • Configure and tune AWS WAF rules, Shield Advanced protections, and Firewall Manager policies.
  • Manage AWS security service configurations (Security Hub, GuardDuty, Inspector, CloudTrail, Config).
  • Implement network segmentation and firewall rules per compliance requirements.
  • Configure VPN tunnels and cross-cloud connectivity (AWS ↔ Azure).

IAM & Access Control

  • Implement and maintain IAM policies, cross-account roles, and permission boundaries.
  • Configure Pod Identity Associations (PIA) and IRSA for Kubernetes workloads.
  • Manage AWS SSO permission sets and account assignments.
  • Manage Azure service principals, Entra ID app registrations, and Graph API permissions.
  • Implement least-privilege access patterns and review IAM policy drift.
  • Rotate service account credentials and API keys on schedule.

Database & Storage

  • Manage RDS PostgreSQL instances (provisioning, parameter groups, maintenance windows, snapshots).
  • Configure ElastiCache clusters and connection parameters.
  • Manage S3 bucket policies, lifecycle rules, and replication configurations.
  • Configure EBS encryption defaults and Data Lifecycle Manager snapshot policies.
  • Manage CUR/Athena/Glue configuration for cost reporting.

Operational

  • Monitor and optimize cloud spend across all accounts, and flag anomalies to the Platform Lead.
  • Address infrastructure-related P1/P2/P3 incidents.
  • Document infrastructure decisions and maintain runbooks for common operations.
  • Support the Security & Compliance Engineer with Terraform implementations.
  • Support the SRE with infrastructure changes needed for monitoring, logging, and backup.
© 2024 Teal Labs, Inc