We’re Hiring: Senior DevSecOps Engineer (AWS) – Remote
If you’re the kind of engineer who
thinks like an attacker, builds like an architect, and executes like an operator
, this role is worth your attention.
We’re looking for a
hands-on Senior DevSecOps Engineer
to own and evolve the security posture of an AWS-based platform in the healthcare space—where
security, reliability, and real-world impact
matter.
What makes this role compelling:
• You’ll
own security end-to-end
(not just advisory)
• Work on a
live production platform
with real users and real risk
• Build
secure-by-default pipelines
(SAST, DAST, SCA, secrets, container scanning)
• Drive
cloud security architecture across AWS
(IAM, KMS, GuardDuty, Security Hub)
• Lead
threat detection + incident response strategy
• Influence
SOC 2 readiness and policy-as-code implementation
What we’re looking for:
• 5+ years in
DevSecOps / Cloud Security (AWS)
• Deep experience with
CI/CD security + automation
• Strong foundation in
Terraform, Docker, and AWS services
• Experience with
SIEM, logging, and incident response
• Someone who
doesn’t wait to be told—sees gaps and fixes them
What success looks like:
• Security embedded directly into pipelines
• No hardcoded secrets—ever
• Full visibility across logs, events, and threats
• Vulnerabilities prioritized and remediated fast
• A platform that’s both
secure and scalable
✨
Who you are:
You’re proactive, pragmatic, and calm under pressure. You can
translate security into business impact
and drive decisions that matter.
Required Qualifications
• 5+ years in DevOps, Cloud Engineering, or Security Engineering, with a minimum of 5 years in a security-focused DevSecOps or Cloud Security role.
• Demonstrated hands-on experience with: EC2, RDS (Aurora), S3, VPC, IAM, KMS, Secrets Manager, CloudTrail, GuardDuty, Security Hub, AWS Config, WAF, Systems Manager, and Lambda.
• Proven implementation of SAST, DAST, SCA, secret scanning, and container image scanning gated within CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent).
• Experience writing and securing Terraform at production scale. Familiarity with tfsec, Checkov, or Sentinel for policy enforcement.
• Experience hardening Docker images, scanning with Trivy or Grype, and managing ECR lifecycle policies. Experience with ECS/EKS security configurations (task role least-privilege, network policy, runtime security).
• Hands-on experience with AWS Secrets Manager and/or HashiCorp Vault including automated rotation and zero-plaintext-credential enforcement.
• Experience configuring GuardDuty, CloudTrail, and Security Hub. Ability to write detection rules/queries in a SIEM environment.
• Experience operating a vulnerability scanning program (Amazon Inspector, Tenable, Qualys) with SLA-based remediation tracking.
• Proficient in Python and Bash for automation. Ability to independently write Lambda functions, CLI tooling, and operational scripts.
• Experience leading or co-leading security incident response in a cloud environment, including evidence preservation and post-incident reporting.
• Proven experience in customer-facing Technical Program Management, including end-to-end ownership of SaaS platform delivery and operations from a DevSecOps perspective.
Preferred Qualifications
• Certifications (strongly preferred).
AWS Security Specialty (SCS-C02), AWS Solutions Architect Associate/Professional, GIAC Cloud Security Essentials (GCLD), GIAC Public Cloud Pentester (GPCS), OSCP, or equivalent offensive/defensive cloud certification.
• Experience deploying or operating SaaS Security Posture Management tooling (Obsidian, AppOmni, Valence, Reco).
• Experience with AWS API Gateway security controls, OAuth 2.0 / OIDC hardening, and automated API security testing (42Crunch, Spectral, OWASP ZAP).
• Experience with OPA/Rego, Terraform Sentinel, or AWS Service Control Policies for automated policy enforcement.
• Experience writing correlation rules, detection logic, and dashboards in Splunk, Elastic, or Datadog SIEM.
• Experience generating and managing SBOMs (CycloneDX/SPDX), SLSA framework implementation, or Sigstore/Cosign artifact signing.
• Familiarity with CIS Controls, NIST CSF, SOC 2 Type II, or NIST 800-53. Experience supporting external audit