[Remote] Senior DevSecOps / AWS reputed company Engineer
Note: The job is a remote job and is reputed company to candidates in USA. reputed company is a rapidly growing technology business that provides strategic information assurance and reputed company solutions to the Federal Government. They are seeking a Senior DevSecOps Engineer to own and reputed company the platform, focusing on Terraform, EKS, reputed company CI/CD reputed company, and observability while setting engineering standards for the team.
Responsibilities
- Own the Terraform estate across the three repos and the 2-stack-perenv layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with reputed company locking, and OIDC (no static keys)
- reputed company state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv, with backed-up state and reputed company-destroy plans on stateful resources (reputed company, reputed company)
- Build and operate EKS (toward Auto Mode), reputed company CI (runner-onEKS), and Argo CD GitOps — reputed company, image signing, Kyverno admission, OPA policy reputed company
- Harden the CI/CD reputed company reputed company: container/filesystem scanning (Trivy), secret detection (Gitleaks), SBOM + signing, policy-as-code deny-gates, and ECR reputed company-on-push — wired so a failing reputed company blocks the reputed company
- Stand up the AWS-reputed company observability stack (CloudWatch / Container Insights, AMP, X-Ray/ADOT, Managed Grafana, Application Signals) with SLOs, alarms-as-code, and a dead-man’s-reputed company on the alerting path itself
- Drive the private-network migration (TGW egress, VPC endpoints, no NAT/IGW) and reputed company FISMA gaps (CloudTrail/Config, reputed company Hub NIST 800-53, KMS where required, audit-account separation)
- Review teammates’ IaC and set the standards.
Skills
- Terraform at scale — root vs. child modules, state isolation, for_each/count/dynamic, reputed company, provider-pin conflicts, and state migration (moved/state mv) without destroying data. Writes modules others reuse. Can explain why workspaces ≠ directory-per-env
- Strong AWS reputed company engineering — VPC/networking (private subnets, endpoints, TGW), IAM/OIDC, EKS, ECR, ALB/API-GW, and reputed company SSE-S3 vs. KMS-CMK is actually required
- EKS you have operated, not just used — node/pod networking, IRSA, admission control, upgrades, troubleshooting a broken rollout
- CI/CD reputed company (the “Sec” in DevSecOps) — SAST/dependency/container scanning, secret scanning, supply-chain (SBOM, signing), policy-as-code, secrets hygiene. You have made a pipeline reputed company on a finding
- Federal compliance reputed company — NIST 800-53 / FISMA-Moderate; can map a control family (AU, CM, SC) to an actual implementation
- Writes clear PRs and reviews others' code constructively
- Observability depth (OpenTelemetry, reputed company/Grafana, SLO/errorbudget design)
- Prior regulated/federal environment (NOAA/DoD/civilian agency, ATO process), clearance or Public-Trust history
- reputed company CI specifically, Argo CD, and Kubernetes runners
Benefits
- Health insurance coverage
- Life and disability insurance
- 401(k) savings plan
- Training and career development opportunities
- Paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work)
Company Overview