AWS Security Engineer (DevSecOps)
Location: Remote
Duration: 12 Months
Important Notes:
* Location: Remote anywhere in the US; must provide support during EST/CST hours.
* Early submissions will receive priority consideration.
Key Responsibilities:
* Design and implement secure AWS architectures following the AWS Well-Architected Framework (Security Pillar).
* Manage and govern IAM, SSO, KMS, CloudTrail, Config, and Security Hub.
Configure & Maintain AWS Native Security Services:
* GuardDuty, Macie, Inspector, Detective, WAF, Shield, and Firewall Manager.
* Build automated security policies and compliance frameworks (CIS, NIST, ISO 27001, PCI DSS).
* Implement encryption at rest and in transit, enforce TLS, and rotate keys via KMS.
* Develop and run incident detection, alerting, and response workflows using EventBridge, Lambda, and SNS.
* Integrate AWS Security Hub and GuardDuty findings into SIEM platforms (Splunk, Elastic, etc.).
Systems & Infrastructure Engineering:
* Manage and secure Linux/Windows systems running on EC2, EKS, and ECS.
* Build, automate, and maintain infrastructure with Terraform, CloudFormation, or AWS CDK.
* Configure VPCs, subnets, NAT gateways, Transit Gateway, and PrivateLink for secure network segmentation.
* Implement system patching, configuration management, and OS-level hardening (CIS benchmarks).
* Design and manage backups, disaster recovery, and multi-region high availability setups.
* Automate system monitoring, logging, and remediation with CloudWatch, SSM, and Config Rules.
DevSecOps:
* Integrate security scanning and compliance checks into CI/CD pipelines (GitHub Actions, Jenkins, CodePipeline).
* Automate vulnerability management (ECR image scanning, Inspector, Trivy, or Twistlock).
* Develop infrastructure automation for identity provisioning, logging, and access control.
* Create reusable Terraform modules and templates for AWS accounts and VPCs.
* Implement infrastructure drift detection and self-healing automation.
Monitoring, Audit & Compliance:
* Implement centralized log aggregation with CloudWatch Logs, OpenSearch, or SIEM tools.
* Monitor security posture continuously via Security Hub, Config, and GuardDuty dashboards.
* Conduct regular vulnerability scans, penetration testing coordination, and security posture reviews.
* Manage audit readiness and evidence collection for compliance frameworks (SOC 2, ISO 27001, HIPAA).
* Develop runbooks and playbooks for incident response and operational processes.
Preferred Qualifications:
* AWS Certified Security Specialty (strongly preferred).
* Experience with multi-account AWS Organizations, Control Tower, and Service Control Policies (SCPs).
* Knowledge of container security (EKS, ECS, Bottlerocket, Karpenter).
* Experience with SIEM/SOAR integrations and automated incident response.
* Exposure to Zero Trust and Network Segmentation design principles.