DevSecOps Engineer (AWS) | Full Tiime | Remote | US Only
We’re Hiring: Senior DevSecOps Engineer (AWS) – Remote If you’re the kind of engineer who thinks like an attacker, builds like an architect, and executes like an operator , this role is worth your attention. We’re looking for a hands-on Senior DevSecOps Engineer to own and evolve the security posture of an AWS-based platform in the healthcare space—where security, reliability, and real-world impact matter. What makes this role compelling:
- You’ll
own security end-to-end (not just advisory)
- Work on a
live production platform with real users and real risk
- Build
secure-by-default pipelines (SAST, DAST, SCA, secrets, container scanning)
- Drive
cloud security architecture across AWS (IAM, KMS, GuardDuty, Security Hub)
- Lead
threat detection + incident response strategy
- Influence
SOC 2 readiness and policy-as-code implementation What we’re looking for:
- 5+ years in
DevSecOps / Cloud Security (AWS)
- Deep experience with
CI/CD security + automation
- Strong foundation in
Terraform, Docker, and AWS services
- Experience with
SIEM, logging, and incident response
- Someone who
doesn’t wait to be told—sees gaps and fixes them What success looks like:
- Security embedded directly into pipelines
- No hardcoded secrets—ever
- Full visibility across logs, events, and threats
- Vulnerabilities prioritized and remediated fast
- A platform that’s both
secure and scalable ✨ Who you are: You’re proactive, pragmatic, and calm under pressure. You can translate security into business impact and drive decisions that matter.
Required Qualifications
- 5+ years in DevOps, Cloud Engineering, or Security Engineering, with a minimum of 5 years in a security-focused DevSecOps or Cloud Security role.
- Demonstrated hands-on experience with: EC2, RDS (Aurora), S3, VPC, IAM, KMS, Secrets Manager, CloudTrail, GuardDuty, Security Hub, AWS Config, WAF, Systems Manager, and Lambda.
- Proven implementation of SAST, DAST, SCA, secret scanning, and container image scanning gated within CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent).
- Experience writing and securing Terraform at production scale. Familiarity with tfsec, Checkov, or Sentinel for policy enforcement.
- Experience hardening Docker images, scanning with Trivy or Grype, and managing ECR lifecycle policies. Experience with ECS/EKS security configurations (task role least-privilege, network policy, runtime security).
- Hands-on experience with AWS Secrets Manager and/or HashiCorp Vault including automated rotation and zero-plaintext-credential enforcement.
- Experience configuring GuardDuty, CloudTrail, and Security Hub. Ability to write detection rules/queries in a SIEM environment.
- Experience operating a vulnerability scanning program (Amazon Inspector, Tenable, Qualys) with SLA-based remediation tracking.
- Proficient in Python and Bash for automation. Ability to independently write Lambda functions, CLI tooling, and operational scripts.
- Experience leading or co-leading security incident response in a cloud environment, including evidence preservation and post-incident reporting.
- Proven experience in customer-facing Technical Program Management, including end-to-end ownership of SaaS platform delivery and operations from a DevSecOps perspective.
Preferred Qualifications
- Certifications (strongly preferred).
AWS Security Specialty (SCS-C02), AWS Solutions Architect Associate/Professional, GIAC Cloud Security Essentials (GCLD), GIAC Public Cloud Pentester (GPCS), OSCP, or equivalent offensive/defensive cloud certification.
- Experience deploying or operating SaaS Security Posture Management tooling (Obsidian, AppOmni, Valence, Reco).
- Experience with AWS API Gateway security controls, OAuth 2.0 / OIDC hardening, and automated API security testing (42Crunch, Spectral, OWASP ZAP).
- Experience with OPA/Rego, Terraform Sentinel, or AWS Service Control Policies for automated policy enforcement.
- Experience writing correlation rules, detection logic, and dashboards in Splunk, Elastic, or Datadog SIEM.
- Experience generating and managing SBOMs (CycloneDX/SPDX), SLSA framework implementation, or Sigstore/Cosign artifact signing.
- Familiarity with CIS Controls, NIST CSF, SOC 2 Type II, or NIST 800-53. Experience supporting external audit