Senior Site Reliability Engineer - Government Cloud

About The Position

Requirements

• 5+ years in an infrastructure, DevOps, or cloud engineering role with meaningful time spent in AWS. Direct experience with AWS GovCloud is a strong plus, but deep AWS fluency with a willingness to navigate GovCloud's constraints is what matters most.
• Hands-on experience designing VPC architectures, configuring encryption at rest and in transit, and operating AWS native compute, database, and caching services in production under real workloads.
• Worked with infrastructure-as-code like CDK or Terraform in FedRAMP or CMMC environments, preferably supporting a customer-facing SaaS product. Reusable IaC patterns for multi-account deployments are exactly the kind of thinking we need.
• Understand what it takes to operate in a compliance-regulated environment. FedRAMP, FISMA, or similar experience is valuable — not because we need someone who's memorized NIST 800-53, but because you know what it means to build infrastructure where every design decision has to be documented, justified, and auditable.
• Comfortable with container image pipelines and hardening. Should be able to reason about base image provenance, vulnerability scanning, and what "hardened" actually means in practice.
• Good instincts for the boundary between "locked down for compliance" and "usable by engineering."
• Can write clearly. This role involves producing tech plans, runbooks, and operational documentation that will be reviewed during our FedRAMP assessment. Sitting through a compliance assessment before and knowing how to answer assessor questions with evidence is a real advantage.
• Comfortable learning new technologies with the support of your teammates. We use Ruby, Rails, React, TypeScript, Postgres, Redis, and Kubernetes.

Nice To Haves

• Direct experience with AWS GovCloud is a strong plus
• FedRAMP, FISMA, or similar experience is valuable
• Sat through a compliance assessment before and know how to answer assessor questions with evidence

Responsibilities

• Building and operating the AWS GovCloud environment that will host Tines for federal customers — from foundational network architecture through to production-ready, assessment-ready infrastructure.
• Designing and implementing repeatable infrastructure-as-code to provision dedicated customer environments.
• Owning the container image pipeline for our government deployment — building, hardening, scanning, and promoting FIPS-compliant images through our CI/CD pipeline using AWS native tooling.
• Identifying and fixing availability risks and monitoring gaps to ensure our government environments stay healthy, observable, and auditable.
• Working closely with our assessment partners to produce the infrastructure documentation, architecture diagrams, and evidence needed for FedRAMP authorization — and being the person who can walk an assessor through every design decision.
• Enabling product engineers to build new features that work seamlessly across our commercial and government environments: observability, logging, and simplifying deployments.
• Defining how we separate compliance-restricted functions from day-to-day engineering operations so the team can ship code and respond to incidents without breaking the security boundary.
• Supporting our self-hosted federal customers operating in our CMMC environment, including handling escalations and complex, long-running support cases as part of the team's on-call responsibilities.

Benefits

• equity