DevSecOps Engineer (AWS) | Full Time | Remote | US Only

The Virtual Assistant & Company
Anywhere
Posted 4d ago
remote, part-time

Key details

Work type
remote
Employment
part time

Job Description

🚨 We’re Hiring: Senior DevSecOps Engineer (AWS) – Remote

If you’re the kind of engineer who thinks like an attacker, builds like an architect, and executes like an operator, this role is worth your attention.

We’re looking for a hands-on Senior DevSecOps Engineer to own and evolve the security posture of an AWS-based platform in the healthcare space—where security, reliability, and real-world impact matter.

💥 What makes this role compelling:
- You’ll own security end-to-end (not just advisory)
- Work on a live production platform with real users and real risk
- Build secure-by-default pipelines (SAST, DAST, SCA, secrets, container scanning)
- Drive cloud security architecture across AWS (IAM, KMS, GuardDuty, Security Hub)
- Lead threat detection + incident response strategy
- Influence SOC 2 readiness and policy-as-code implementation

🧠 What we’re looking for:
- 5+ years in DevSecOps / Cloud Security (AWS)
- Deep experience with CI/CD security + automation
- Strong foundation in Terraform, Docker, and AWS services
- Experience with SIEM, logging, and incident response
- Someone who doesn’t wait to be told—sees gaps and fixes them

🎯 What success looks like:
- Security embedded directly into pipelines
- No hardcoded secrets—ever
- Full visibility across logs, events, and threats
- Vulnerabilities prioritized and remediated fast
- A platform that’s both secure and scalable

✨ Who you are:
You’re proactive, pragmatic, and calm under pressure.

You can translate security into business impact and drive decisions that matter.

Required Qualifications

- 5+ years in DevOps, Cloud Engineering, or Security Engineering, with a minimum of 5 years in a security-focused DevSecOps or Cloud Security role.
- Demonstrated hands-on experience with: EC2, RDS (Aurora), S3, VPC, IAM, KMS, Secrets Manager, CloudTrail, GuardDuty, Security Hub, AWS Config, WAF, Systems Manager, and Lambda.
- Proven implementation of SAST, DAST, SCA, secret scanning, and container image scanning gated within CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent).
- Experience writing and securing Terraform at production scale.
- Familiarity with tfsec, Checkov, or Sentinel for policy enforcement.
- Experience hardening Docker images, scanning with Trivy or Grype, and managing ECR lifecycle policies.
- Experience with ECS/EKS security configurations (task role least-privilege, network policy, runtime security).
- Hands-on experience with AWS Secrets Manager and/or HashiCorp Vault including automated rotation and zero-plaintext-credential enforcement.
- Experience configuring GuardDuty, CloudTrail, and Security Hub.
- Ability to write detection rules/queries in a SIEM environment.
- Experience operating a vulnerability scanning program (Amazon Inspector, Tenable, Qualys) with SLA-based remediation tracking.
- Proficient in Python and Bash for automation.
- Ability to independently write Lambda functions, CLI tooling, and operational scripts.
- Experience leading or co-leading security incident response in a cloud environment, including evidence preservation and post-incident reporting.
- Proven experience in customer-facing Technical Program Management, including end-to-end ownership of SaaS platform delivery and operations from a DevSecOps perspective.

Preferred Qualifications

- Certifications (strongly preferred): AWS Security Specialty (SCS-C02), AWS Solutions Architect Associate/Professional, GIAC Cloud Security Essentials (GCLD), GIAC Public Cloud Pentester (GPCS), OSCP, or equivalent offensive/defensive cloud certification.
- Experience deploying or operating SaaS Security Posture Management tooling (Obsidian, AppOmni, Valence, Reco).
- Experience with AWS API Gateway security controls, OAuth 2.0 / OIDC hardening, and automated API security testing (42Crunch, Spectral, OWASP ZAP).
- Experience with OPA/Rego, Terraform Sentinel, or AWS Service Control Policies for automated policy enforcement.
- Experience writing correlation rules, detection logic, and dashboards in Splunk, Elastic, or Datadog SIEM.
- Experience generating and managing SBOMs (CycloneDX/SPDX), SLSA framework implementation, or Sigstore/Cosign artifact signing.
- Familiarity with CIS Controls, NIST CSF, SOC 2 Type II, or NIST 800-53.
- Experience supporting external audit


Source: Google Jobs • Last updated 2d ago