Senior Cloud Compliance Automation Engineer

Role Summary

This role builds and operates the automated compliance evidence collection engine for an enterprise solution running on AWS. The work is technical and hands-on, including writing Lambda functions, Terraform modules, CI/CD pipelines, and integrating with AWS Audit Manager to produce Dashboards for Compliance visibility. The right person has a developer's instincts and a security engineer's judgment.

Key Responsibilities

• Design and build Lambda-based evidence collectors that query live AWS infrastructure and produce structured compliance evidence mapped to PBMM and ITSG-33 controls
• Write and maintain IaC (Terraform) for compliance pipeline components - orchestration, storage, ingestion, and IAM roles
• Integrate evidence collection pipelines with AWS Audit Manager, ensuring evidence packages are assessment-ready
• Write automation scripts in Python and C# to support evidence normalization, schema validation, and data transformation
• Contribute to CI/CD pipeline configuration (Azure DevOps) to trigger compliance runs on code change and infrastructure deployment events
• Implement and enforce security controls within the pipeline
• Produce clear technical documentation - architecture decision records, evidence schema definitions, control mapping rationale - sufficient for assessors and auditors to follow without developer interpretation
• Participate in sprint ceremonies; deliver working automation against defined controls each sprint

Required Qualifications

• 5–7 years in software development, cloud engineering, or security automation
• Hands-on AWS experience: Lambda, Step Functions, S3, IAM, policies, config rules, KMS, CloudTrail, SSM
• Proficiency in Python and C# for automation and data transformation workloads
• Solid understanding of Terraform and AWS provider
• CI/CD pipeline configuration using Azure DevOps
• Understanding Canadian federal security frameworks: ITSG, TBS, CCCS
• Familiarity with OSCAL (Open Security Controls Assessment Language)
• Ability to read and interpret security controls and translate them into automated checks
• Government security clearance: Reliability (minimum), Secret (preferred)

Preferred Qualifications

• AWS Certified Solutions Architect or AWS Certified Developer
• Experience with AWS Audit Manager or AWS Security Hub
• HashiCorp Terraform Associate certification
• CISSP, CCSP, or Security+ certification