DevSecOps Cloud Engineer (AWS & Google Cloud Platform)

Seeking a higly qualified DevSecOps Cloud Engineer to provide cloud engineering, DevSecOps automation, and security integration services. The Contractor will support ongoing modernization initiatives, improve the Client's cloud security posture, and implement DevSecOps best practices across Amazon Web Services (AWS) and Google Cloud Platform (Google Cloud Platform) environments.

Responsibilities

Cloud Architecture & Security (AWS & Google Cloud Platform)

• Design, implement, and optimize secure cloud architectures in AWS and Google Cloud Platform
• Conduct IAM reviews and implement least-privilege access models
• Harden identity boundaries and access controls
• Implement and configure cloud-native security services, including:
  • AWS GuardDuty, Config, CloudTrail, Security Hub
  • Google Cloud Platform Security Command Center, Cloud Armor, Cloud Logging & Monitoring
• Ensure encryption of data at rest and in transit
• Manage encryption key lifecycles using AWS KMS and Google Cloud Platform Cloud KMS

DevSecOps Pipeline Implementation

• Design, build, and maintain CI/CD pipelines with integrated security controls
• Implement automated security testing, including:
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Composition Analysis (SCA)
• Embed security gates into DevOps workflows such as GitHub Actions, Jenkins, and GitLab
• Integrate and manage secrets using AWS Secrets Manager, Google Cloud Platform Secret Manager, and enterprise secrets management tools

Infrastructure as Code (IaC) & Automation

• Develop and maintain Infrastructure as Code using Terraform, Ansible, and AWS CloudFormation
• Implement Policy-as-Code using OPA Gatekeeper and Terraform Sentinel
• Automate provisioning and deployment of cloud networking, compute, storage, and security resources

Containers & Security

• Support Docker and Kubernetes-based workloads and containerized applications
• Implement container and cluster hardening, including Pod Security Standards, RBAC tightening, and secure image/runtime configurations
• Integrate vulnerability management and scanning solutions
• Configure service mesh or zero-trust networking models where applicable

Monitoring, Logging & Incident Response

• Configure and integrate monitoring and observability tools such as Zabbix, Prometheus, Grafana, AWS CloudWatch, and Google Cloud Platform Cloud Logging & Monitoring
• Build dashboards and alerts for performance, security events, and compliance tracking
• Support incident response activities, including threat analysis and root-cause investigations

Compliance & Governance

• Support compliance efforts aligned with NIST, SOC 2, ISO 2NA01, and FedRAMP (if applicable)
• Automate audit evidence collection where feasible
• Implement governance guardrails, tagging standards, and cloud account controls

Collaboration, Documentation & Knowledge Transfer

• Collaborate with technical leadership and internal development teams
• Provide recommendations for process improvements and tooling
• Operate with minimal supervision
• Adhere to security, architectural, and compliance standards
• Deploy and administer application hosting solutions including Windows and Linux servers, containers, databases, and file storage
• Enable DevSecOps pipeline capabilities such as security gates, CI/CD, testing, and application monitoring
• Optimize and automate infrastructure using Terraform, Ansible, GitHub Actions, and scripting
• Build interfaces and APIs to facilitate infrastructure usage by development teams
• Produce architecture diagrams, environment documentation, deployment instructions, and operational support documentation
• Provide cross-training and knowledge transfer to internal teams

Requirements

Technical Requirements

• Hands-on experience with Amazon Web Services (AWS) and Google Cloud Platform (Google Cloud Platform)
• Experience with DevSecOps automation and CI/CD pipelines
• Experience implementing Infrastructure as Code and automation tools
• Experience with Docker, Kubernetes, and container security
• Experience with cloud-native security services and monitoring tools