Senior AWS DevSecOps Engineer

AFS is seeking a Senior AWS DevSecOps Engineer to lead the design build and automation of our cutting-edge hybrid cloud infrastructure. The ideal candidate is passionate about building secure scalable and highly available platforms on AWS and other cloud platforms utilizing cloud-native technologies. Your expertise in Infrastructure as Code (IaC) container orchestration with EKS and CI/CD pipelines will be critical to empowering our development & data science teams with a robust self-service platform. While our primary focus is AWS experience in a hybrid environment with VMware is a plus.

Responsibilities

• AWS Infrastructure & Architecture: Design build and maintain scalable resilient and secure environments primarily within AWS. Implement and manage core AWS services including networking (VPC Transit Gateway) Kubernetes (EKS) compute (EC2 Lambda) storage (S3 EBS) and databases (RDS). Architect and operate containerized workloads using Amazon EKS including cluster management scaling and security.
• DevSecOps & Automation: Champion and implement Infrastructure as Code (IaC) usingTerraformto automate all aspects of cloud resource provisioning and management. Develop manage and optimize robust CI/CDpipelinesto enable rapid and reliable software delivery. MasterAWS IAM creating and managing roles policies and permissions based on the principle of least privilege. Develop custom automation scripts and tooling (e.g. using Python Go or Bash) to streamline operations and eliminate manual processes heavily focusing on the usage of APIs.
• Security & Compliance: Integrate security best practices directly into the platform and pipelines (DevSecOps). Implement and enforce security controls encryption and access management to meet compliance standards such as DISA STIGs. Collaborate with security teams to implement robust monitoring solutions.
• Team Enablement & Collaboration: Act as a cloud subject matter expert providing guidance and support to development teams to optimize their use of the platform. Collaborate with stakeholders to evaluate new cloud-native technologies and recommend solutions that enhance efficiency and capability. Champion foundational best practices includingGitworkflows and the proficient use ofAI toolsto accelerate development and problem-solving.

Qualifications

• Bachelors degree in a relevant field or equivalent professional experience (approximately 10 years in cloud/software engineering).
• Must possess and maintain required DoD 8140 certifications.
• Expert-level proficiency with Infrastructure as Code (IaC)
• Experience with Terraform or other similar languages
• Deep experience with container orchestration specifically designing and managingAmazon EKS
• Strong command ofAWS IAMroles policies and security best practices.
• Solid understanding of cloud networking Linux/Unix administration and security principles.
• Proficiency withGitand modern GitOps workflows.
• Deep understanding of advanced networking concepts DNS gateways in a hybrid/multi-cloud context.
• Extensive expertise in advanced networking including DNS management and gateway configuration to support robust connectivity and integration across hybrid and multi-cloud environments.

Preferred Qualifications

• Proven experience designing building and maintaining automatedCI/CD pipelines(e.g. Jenkins GitLab CI AWS CodePipeline).
• Understanding of common authentication mechanisms OIDC OAuth2 LDAP SAML.
• Excellent problem-solving skills and the ability to thrive in a fast-paced evolving environment.
• Experience with VMware vSphere in a hybrid cloud context.
• Experience with configuration management tools like Ansible.
• Familiarity with other public clouds (Azure GCP). Experience contributing to open-source projects.
• Any of the following certification(s): AWS Certified DevOps Engineer - Professional AWS Certified Solutions Architect - Professional AWS Certified Security - Specialty Certified Kubernetes Administrator (CKA) HashiCorp Certified: Terraform Associate/Professional GIAC Cloud Security Automation (GCSA)

Clearance

• An active TS/SCI is required