Senior DevSecOps Cloud Engineer

Senior DevSecOps Cloud Engineer AWS & GCP

1. Introduction

The Client seeks to engage a qualified DevSecOps Cloud Engineer (Contractor) to provide cloud engineering DevSecOps automation and security integration services. The Contractor will support ongoing modernization initiatives improve cloud security posture and implement DevSecOps best practices across Amazon Web Services (AWS) and Google Cloud Platform (GCP) environments.

Experience requirements:

A minimum of 10 years of professional experience in cloud engineering DevOps DevSecOps or infrastructure engineering roles.

A minimum of 5 years of hands-on production-level AWS experience including designing securing and operating environments.

5 years of experience designing implementing and maintaining CI/CD pipelines.

Please note:

This position is 60% onsite 40% remote and must reside around Salt Lake City. Temporary 4-month contract with the possibility of extension up to 5 years.

This position requires authorization to work in the U.S. without sponsorship now or in the future.

2. Scope of Work

The Contractor shall provide expert-level DevSecOps and cloud engineering services across the Clients cloud application and infrastructure ecosystems.

2.1 Cloud Architecture & Security (AWS & GCP)

• Design implement and optimize secure cloud architectures in AWS and GCP

• Conduct IAM reviews and implement least-privilege access models

• Harden identity boundaries and access controls

• Implement and configure cloud-native security services including but not limited to:

  • AWS: GuardDuty Config CloudTrail Security Hub

  • GCP: Security Command Center Cloud Armor Cloud Logging & Monitoring

• Ensure encryption of data at rest and in transit

• Manage encryption key lifecycle using AWS KMS and GCP Cloud KMS

2.2 DevSecOps Pipeline Implementation

• Design build and maintain CI/CD pipelines with integrated security controls

• Implement automated security testing including:

  • Static Application Security Testing (SAST)

  • Dynamic Application Security Testing (DAST)

  • Software Composition Analysis (SCA)

• Embed security gates into DevOps workflows (e.g. GitHub Actions Jenkins GitLab)

• Integrate and manage secrets using tools such as:

  • AWS Secrets Manager

  • GCP Secret Manager

  • 1Password or equivalent enterprise solutions

2.3 Infrastructure as Code (IaC) & Automation

• Develop and maintain Infrastructure as Code using:

  • Terraform

  • Ansible

  • AWS CloudFormation (as applicable)

• Implement Policy-as-Code using tools such as:

  • OPA Gatekeeper

  • Terraform Sentinel

• Automate provisioning and deployment of cloud networking compute storage and security resources

2.4 Containers & Security

• Support Docker- and Kubernetes-based workloads and containerized applications

• Implement container and cluster hardening including:

  • Pod Security Standards

  • RBAC tightening

  • Secure image and runtime configurations

• Integrate vulnerability management and scanning solutions (e.g. RiskSense or equivalent)

• Configure service mesh or zero-trust networking models where applicable

2.5 Monitoring Logging & Incident Response

• Configure and integrate monitoring and observability tooling including but not limited to:

  • Zabbix

  • Prometheus

  • Grafana

  • AWS CloudWatch

  • GCP Cloud Logging & Monitoring

• Build dashboards and alerts for performance security events and compliance tracking

• Support incident response activities including threat analysis and root-cause investigations

2.6 Compliance & Governance

• Support compliance efforts aligned with applicable frameworks including:

  • NIST

  • SOC 2

  • ISO 27001

  • FedRAMP (if applicable)

• Automate audit evidence collection where feasible

• Implement governance guardrails tagging standards and cloud account controls

2.7 Documentation & Knowledge Transfer

The Contractor shall provide complete and accurate documentation including but not limited to:

• Architecture diagrams

• Environment and source code documentation

• Deployment and configuration instructions

• Operational support documentation

Cross-training will be provided to designated Client staff and will include:

• Tools and software used

• Systems and environments

• Development processes and methodologies

• Application support and maintenance procedures

The goal of cross-training is to enable Client staff to support the application when the Contractor is unavailable.

3. Contractor Responsibilities

The Engineer will serve as an augmented resource within the Clients application development organization. Responsibilities include:

• Collaborating with technical leadership and internal development teams

• Providing recommendations for process improvements or tooling

• Delivering qualified DevSecOps engineering expertise

• Operating with minimal supervision

• Adhering to Client security architectural and compliance standards

• Completing required security background and drug screening checks

• Complying with confidentiality provisions related to regulated and sensitive data

• Deploying and administering application hosting solutions across Windows and Linux servers containers databases and file storage

• Working with development teams to implement best practices for application hosting and deployment pipelines

• Enabling DevSecOps pipeline functions such as security gates CI/CD testing and monitoring

• Optimizing and automating infrastructure using tools such as Terraform Ansible GitHub Actions and scripting

• Building interfaces and APIs that support infrastructure usage by development teams

4. Client Responsibilities

The Client will provide:

• Access to version control systems tools software and project infrastructure

• Project management and work assignments

• Review of deliverables with feedback and approvals

• Design documentation or related materials as applicable

• Remote access to required systems

• Policy process and architectural guidance

• Designated stakeholders for coordination and acceptance

• Backlog prioritization for enhancements

• Required hardware and software including a work computer

5. Work Location & Schedule

• Work will be performed in a hybrid model with onsite presence required as directed

• Contractor availability during standard business hours is required (Mountain Time unless otherwise agreed)

• Telework eligibility is subject to Client discretion and may change at any time