Senior DevSecOps Cloud Engineer

About The Position

Requirements

• The Engineer will serve as an augmented resource within the Client’s application development organization.
• Contractor availability during standard business hours is required (Mountain Time unless otherwise agreed)
• Telework eligibility is subject to Client discretion and may change at any time

Responsibilities

• Design, implement, and optimize secure cloud architectures in AWS and GCP
• Conduct IAM reviews and implement least-privilege access models
• Harden identity boundaries and access controls
• Implement and configure cloud-native security services, including but not limited to: AWS: GuardDuty, Config, CloudTrail, Security Hub GCP: Security Command Center, Cloud Armor, Cloud Logging & Monitoring
• Ensure encryption of data at rest and in transit
• Manage encryption key lifecycle using AWS KMS and GCP Cloud KMS
• Design, build, and maintain CI/CD pipelines with integrated security controls
• Implement automated security testing, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA)
• Embed security gates into DevOps workflows (e.g., GitHub Actions, Jenkins, GitLab)
• Integrate and manage secrets using tools such as: AWS Secrets Manager GCP Secret Manager 1Password or equivalent enterprise solutions
• Develop and maintain Infrastructure as Code using: Terraform Ansible AWS CloudFormation (as applicable)
• Implement Policy-as-Code using tools such as: OPA Gatekeeper Terraform Sentinel
• Automate provisioning and deployment of cloud networking, compute, storage, and security resources
• Support Docker- and Kubernetes-based workloads and containerized applications
• Implement container and cluster hardening, including: Pod Security Standards RBAC tightening Secure image and runtime configurations
• Integrate vulnerability management and scanning solutions (e.g., RiskSense or equivalent)
• Configure service mesh or zero-trust networking models where applicable
• Configure and integrate monitoring and observability tooling, including but not limited to: Zabbix Prometheus Grafana AWS CloudWatch GCP Cloud Logging & Monitoring
• Build dashboards and alerts for performance, security events, and compliance tracking
• Support incident response activities, including threat analysis and root-cause investigations
• Support compliance efforts aligned with applicable frameworks, including: NIST SOC 2 ISO 27001 FedRAMP (if applicable)
• Automate audit evidence collection where feasible
• Implement governance guardrails, tagging standards, and cloud account controls
• Provide complete and accurate documentation, including but not limited to: Architecture diagrams Environment and source code documentation Deployment and configuration instructions Operational support documentation
• Cross-training will be provided to designated Client staff and will include: Tools and software used Systems and environments Development processes and methodologies Application support and maintenance procedures
• Collaborating with technical leadership and internal development teams
• Providing recommendations for process improvements or tooling
• Delivering qualified DevSecOps engineering expertise
• Operating with minimal supervision
• Adhering to Client security, architectural, and compliance standards
• Completing required security, background, and drug screening checks
• Complying with confidentiality provisions related to regulated and sensitive data
• Deploying and administering application hosting solutions across Windows and Linux servers, containers, databases, and file storage
• Working with development teams to implement best practices for application hosting and deployment pipelines
• Enabling DevSecOps pipeline functions such as security gates, CI/CD, testing, and monitoring
• Optimizing and automating infrastructure using tools such as Terraform, Ansible, GitHub Actions, and scripting
• Building interfaces and APIs that support infrastructure usage by development teams