Client: State of Utah
Posting ID: 154765
Posting title: Development Engineer - KSSOW 26011 - Senior DevSecOps Cloud Engineer - UDC - DTS - Department of Government Operations - IT
Job Title: Development Engineer
Location: 8523 S. Redwood Rd, West Jordan, UT, 84088
Projected Start Date: 02/23/2026
Projected End Date/Duration: 06/30/2026
Tentative interview dates: February 19th
Remote or onsite: 60% onsite, 40% remote
Local or non-local: Utah Residents only
Potential for Contract Extension
Required Skills
- Minimum of 10 years of professional experience in cloud engineering, DevOps, DevSecOps, or infrastructure engineering roles
- Minimum of 5 years of hands-on, production-level AWS experience, including designing, securing, and operating environments
- 5 years of experience designing, implementing, and maintaining CI/CD pipelines
- Candidate must demonstrate extensive experience using Infrastructure as Code
- Candidate must have hands-on experience supporting security and compliance requirements
Scoring:
- 20% - Cost
- 35% - AWS Cloud Architecture & Security
- 35% - DevSecOps, CI/CD & IaC Automation
- 10% - Containers & Monitoring
1. Introduction
- The State of Utah Department of Government Operations, Division of Technology Services (DTS) ("Client") seeks to engage a qualified DevSecOps Cloud Engineer ("Contractor") to provide cloud engineering, DevSecOps automation, and security integration services. The Contractor will support ongoing modernization initiatives, improve the Client's cloud security posture, and implement DevSecOps best practices across Amazon Web Services (AWS) and Google Cloud Platform environments.
2. Scope of Work
- The Contractor shall provide expert-level DevSecOps and cloud engineering services across the Client's cloud, application, and infrastructure ecosystems.
2.1 Cloud Architecture & Security (AWS & Google Cloud Platform)
- Design, implement, and optimize secure cloud architectures in AWS and Google Cloud Platform
- Conduct IAM reviews and implement least-privilege access models
- Harden identity boundaries and access controls
- Implement and configure cloud-native security services, such as but not limited to:
  - AWS: GuardDuty, Config, CloudTrail, Security Hub
  - Google Cloud Platform: Security Command Center, Cloud Armor, Cloud Logging & Monitoring
- Ensure encryption of data at rest and in transit
- Manage the encryption key lifecycle with services such as AWS KMS and Google Cloud Platform Cloud KMS
2.2 DevSecOps Pipeline Implementation
- Design, build, and maintain CI/CD pipelines with integrated security controls
- Implement automated security testing, including:
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Software Composition Analysis (SCA)
- Embed security gates into existing DevOps workflows (e.g., GitHub Actions, Jenkins, GitLab)
- Integrate and manage secrets using tools such as:
  - AWS Secrets Manager
  - Google Cloud Platform Secret Manager
  - 1Password or equivalent enterprise solutions
2.3 Infrastructure as Code (IaC) & Automation
- Develop and maintain Infrastructure as Code using:
  - Terraform
  - Ansible
  - AWS CloudFormation (as applicable)
- Implement Policy-as-Code using tools such as:
  - OPA Gatekeeper
  - Terraform Sentinel
- Automate provisioning and deployment of cloud networking, compute, storage, and security resources
2.4 Containers & Security
- Support Docker and Kubernetes based workloads and containerized applications
- Implement container and cluster hardening, including:
  - Pod Security Standards
  - RBAC tightening
  - Secure image and runtime configurations
- Integrate vulnerability management and scanning solutions (e.g., RiskSense or equivalent)
- Configure service mesh or zero-trust networking models where applicable
2.5 Monitoring, Logging & Incident Response
- Configure and integrate monitoring and observability tooling, such as but not limited to:
  - Zabbix
  - Prometheus
  - Grafana
  - AWS CloudWatch
  - Google Cloud Platform Cloud Logging & Monitoring
- Build dashboards and alerts for performance, security events, and compliance tracking
- Support incident response activities, including threat analysis and root-cause investigations
2.6 Compliance & Governance
- Support compliance efforts aligned with applicable frameworks, including:
  - NIST
  - SOC 2
  - ISO 27001
  - FedRAMP (if applicable)
- Automate audit evidence collection where feasible
- Implement governance guardrails, tagging standards, and cloud account controls
2.7 Documentation and Knowledge Transfer
- The Contractor shall provide complete and accurate documentation, including but not limited to:
  - Architecture diagrams
  - Environment and source code documentation
  - Deployment and configuration instructions
  - Operational support documentation
- Cross-training shall be provided to designated Client staff and shall include:
  - Tools and software used
  - Systems and environments
  - Development processes and methodologies
  - Application support and maintenance procedures
- The goal of cross-training is to enable Client staff to support the application when the Contractor is unavailable.
3. Contractor Responsibilities
The Engineer will serve as an augmented resource within the DTS Application Development field unit. Responsibilities include:
- Collaborating with DTS technical leadership and internal development staff.
- Providing recommendations for process improvements or tooling.
- Provide qualified DevSecOps engineering expertise.
- Operate with minimal supervision.
- Adhere to Client security, architectural, and compliance standards.
- Security, background checks, and drug testing are required for all assigned contractors.
- Contractors must comply with confidentiality provisions related to regulated government data and information systems.
- Deploy and administer application hosting solutions that include Windows and Linux servers, containers, databases, and file storage components.
- Work with development teams to implement best practices for application hosting and deployment pipelines.
- Enable DevSecOps pipeline functions such as security gates, continuous integration, continuous delivery, testing, and application monitoring.
- Optimize and automate infrastructure with the use of technologies like Terraform, Ansible, GitHub Actions, and scripting.
- Build interfaces and APIs that facilitate hosting infrastructure use by development teams.
- The position is equivalent to the state's classified IT Analyst III position.
4. Client Responsibilities
The Client will provide the following:
- Access to version and access control systems, tools, software, and other project infrastructure.
- Project management and work assignments through the Division of Technology Services (DTS).
- Review deliverables and provide feedback and approvals.
- Design documentation or related materials as applicable.
- Provide remote access to State systems as required.
- Provide policy, process, and procedure guidance, architectural standards, and approvals.
- Designate appropriate stakeholders for coordination and acceptance.
- Coordinate and approve backlog prioritization for enhancements.
- Hardware and software costs, including work computer, are the sole responsibility of the Client.
5. Work Location & Schedule
- Work will be performed in a hybrid model, with onsite presence required as directed by the Client
- Contractor shall be available during standard Client business hours (Mountain Time unless otherwise agreed)
- Telework eligibility is subject to Client discretion and may change at any time
Cleo Consulting is an equal opportunity employer (Minorities/Women/Veterans/Disabled)