DevSecOps Cloud Engineer AWS & GC

Responsibilities

Cloud Architecture & Security (AWS & GCP)

• Design, implement, and optimize secure cloud architectures in AWS and GCP
• Conduct IAM reviews and implement least-privilege access models
• Harden identity boundaries and access controls
• Implement and configure cloud-native security services, including:
• AWS GuardDuty, Config, CloudTrail, Security Hub
• GCP Security Command Center, Cloud Armor, Cloud Logging & Monitoring
• Ensure encryption of data at rest and in transit
• Manage encryption key lifecycles using AWS KMS and GCP Cloud KMS

DevSecOps Pipeline Implementation

• Design, build, and maintain CI/CD pipelines with integrated security controls
• Implement automated security testing, including:
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Software Composition Analysis (SCA)
• Embed security gates into DevOps workflows such as GitHub Actions, Jenkins, and GitLab
• Integrate and manage secrets using AWS Secrets Manager, GCP Secret Manager, and enterprise secrets management tools

Infrastructure as Code (IaC) & Automation

• Develop and maintain Infrastructure as Code using Terraform, Ansible, and AWS CloudFormation
• Implement Policy-as-Code using OPA Gatekeeper and Terraform Sentinel
• Automate provisioning and deployment of cloud networking, compute, storage, and security resources

Containers & Security

• Support Docker and Kubernetes-based workloads and containerized applications
• Implement container and cluster hardening, including Pod Security Standards, RBAC tightening, and secure image/runtime configurations
• Integrate vulnerability management and scanning solutions
• Configure service mesh or zero-trust networking models where applicable

Monitoring, Logging & Incident Response

• Configure and integrate monitoring and observability tools such as Zabbix, Prometheus, Grafana, AWS CloudWatch, and GCP Cloud Logging & Monitoring
• Build dashboards and alerts for performance, security events, and compliance tracking
• Support incident response activities, including threat analysis and root-cause investigations

Compliance & Governance

• Support compliance efforts aligned with NIST, SOC 2, ISO 27001, and FedRAMP (if applicable)
• Automate audit evidence collection where feasible
• Implement governance guardrails, tagging standards, and cloud account controls

Collaboration, Documentation & Knowledge Transfer

• Collaborate with technical leadership and internal development teams
• Provide recommendations for process improvements and tooling
• Operate with minimal supervision
• Adhere to security, architectural, and compliance standards
• Deploy and administer application hosting solutions including Windows and Linux servers, containers, databases, and file storage
• Enable DevSecOps pipeline capabilities such as security gates, CI/CD, testing, and application monitoring
• Optimize and automate infrastructure using Terraform, Ansible, GitHub Actions, and scripting
• Build interfaces and APIs to facilitate infrastructure usage by development teams
• Produce architecture diagrams, environment documentation, deployment instructions, and operational support documentation
• Provide cross-training and knowledge transfer to internal teams

Requirements

Technical Requirements

• Hands-on experience with Amazon Web Services (AWS) and Google Cloud Platform (GCP)
• Experience with DevSecOps automation and CI/CD pipelines
• Experience implementing Infrastructure as Code and automation tools
• Experience with Docker, Kubernetes, and container security
• Experience with cloud-native security services and monitoring tools