Senior DevSecOps Engineer - AWS Infrastructure
Unlink Technologies Private Limited
About the role
Summary: We're seeking a Senior DevSecOps Engineer to lead our security engineering and infrastructure automation practice. You'll design zero-trust cloud architectures, establish secure CI/CD practices, and mentor our engineering teams on embedding security into every stage of development. This is a strategic, hands-on leadership role for someone who thinks in threat models, compliance frameworks, and architectural maturity, not just tactical security implementation.

In this role, you'll:
- Own security architecture decisions across our AWS infrastructure
- Design and enforce secure CI/CD pipelines and deployment practices
- Lead incident response and security operations
- Mentor engineering teams on secure coding and infrastructure hardening
- Establish security compliance and governance frameworks
- Drive organizational security culture and awareness

If you've architected zero-trust systems, led incident response teams, designed compliance frameworks, and automated security at scale, we want to talk to you.

Key Responsibilities:

Cloud Security Architecture & Design:
- Design and evolve zero-trust architecture principles across AWS, hybrid, and multi-cloud environments
- Conduct threat modeling, risk assessments, and security architecture reviews for critical systems and applications
- Define and implement cloud security compliance frameworks (SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, NIST CSF)
- Lead supply chain security initiatives: container image scanning, artifact signing, dependency provenance, SBOM management
- Design and govern Identity & Access Management (IAM) policies, role hierarchies, and cross-account access patterns
- Implement secrets management and cryptographic key lifecycle management across infrastructure

Secure CI/CD & DevSecOps:
- Architect secure CI/CD pipelines integrating security scanning, testing, and compliance checks at every stage
- Design and implement automated secrets management, credential rotation, and secure credential distribution
- Establish container security practices: image hardening, runtime scanning, policy-based admission controls
- Implement infrastructure scanning and compliance automation (IaC scanning, misconfiguration detection)
- Define and enforce security policies across deployment environments (dev, staging, production)
- Mentor development teams on secure coding practices and SIEM/logging integration

Infrastructure Automation & Operations:
- Design, build, and maintain scalable, secure AWS cloud infrastructure (VPC, IAM, networking, compute, storage, databases)
- Implement Infrastructure as Code (Terraform, CloudFormation) with embedded security controls and compliance checks
- Establish containerization and orchestration strategies (Docker, ECS, EKS) with security hardening at every layer
- Design and operate centralized logging, monitoring, and alerting (CloudWatch, Grafana, ELK, Prometheus, SIEM)
- Manage cloud cost optimization while maintaining security posture
- Establish disaster recovery, backup, and business continuity practices

Incident Response & Security Operations:
- Lead incident response program: design, testing, automation, and playbook development
- Conduct or coordinate penetration testing, vulnerability assessments, and red-team exercises
- Lead security incident triage, investigation, containment, and remediation
- Conduct post-incident reviews and establish systemic improvements
- Manage vulnerability remediation pipelines and SLA enforcement
- Monitor and respond to security alerts; establish security metrics (MTTR, false positive rates, vulnerability age)

Leadership, Mentoring & Cross-Functional Impact:
- Mentor engineering teams on secure infrastructure design, hardening, and operational security best practices
- Drive security culture and awareness across development, operations, and product teams
- Establish security metrics and KPIs for infrastructure and application security
- Lead cross-functional security initiatives with compliance, product, operations, and executive teams
- Stay current with cloud security threats, best practices, and emerging technologies
- Participate in security conferences, training, and professional development

Technical Skills Expected:

Security Architecture & Leadership (7+ years):
- Threat modeling & risk management: STRIDE, attack trees, risk scoring, security architecture reviews
- Cloud security architecture: Zero-trust design, network segmentation, defense in depth, security layers
- Compliance & governance frameworks: SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, NIST Cybersecurity Framework, CIS Controls
- Identity & Access Management: IAM governance, MFA/2FA, identity federation, OAuth/SAML, cross-account access patterns
- Secrets management & cryptography: Key rotation, secrets vaults (HashiCorp Vault, AWS Secrets Manager), encryption strategies
- Incident response leadership: IR program design, automation, tabletop exercises, post-mortem facilitation
- SIEM/SOAR & security monitoring: Log aggregation, alert tuning, security event correlation, automated response
- Container & supply chain security: Image scanning, admission controllers, artifact signing, SBOM, artifact repository security
- Vulnerability management: Patch management, scan result triage, false positive reduction, remediation SLA enforcement
- Security compliance audits & assessments: SOC 2, ISO 27001, HIPAA audits, penetration testing coordination
- Certifications (preferred): CISSP, CEH, CCSK, or equivalent security leadership certification

Cloud Infrastructure & Automation (7+ years):
- AWS services in depth: EC2, VPC, IAM, RDS, S3, KMS, Secrets Manager, CloudWatch, VPC Flow Logs, Config, Security Hub, GuardDuty
- Infrastructure as Code: Terraform (advanced), CloudFormation, modules, state management, policy enforcement (Sentinel, OPA)
- CI/CD platforms: GitHub Actions, GitLab CI, Jenkins, AWS CodePipeline, AWS CodeBuild, CodeDeploy
- Containerization & orchestration: Docker (advanced), ECS, EKS, Kubernetes, image security, runtime policies
- Linux system administration: Process isolation, kernel security, SELinux/AppArmor, networking, package management
- Monitoring & observability: Grafana, Prometheus, CloudWatch, ELK Stack, Splunk, log analysis, custom alerting
- Networking: VPC design, subnetting, routing, firewalls, NACLs, security groups, load balancing, DDoS mitigation

Automation & Programming (For Infrastructure Code):
- Languages/Scripting: Python, Bash, Go (for infrastructure tooling)
- API integration: REST/GraphQL APIs, SDK usage, webhook automation, event-driven workflows
- Configuration management: Ansible, Chef, Puppet (familiarity), GitOps principles

Preferred Qualifications:
- 8+ years in DevSecOps, cloud security engineering, or infrastructure security
- Experience leading incident response teams or security operations
- Contributions to open-source security or infrastructure projects
- Experience with multiple cloud providers (AWS, Azure, GCP)
- Background in application security or secure SDLC
- Previous security compliance audit experience (SOC 2, ISO 27001)
- Experience mentoring junior engineers on security best practices

What We're Looking For:
- A strategic thinker who sees security as an architecture problem, not a checklist
- A hands-on leader comfortable with infrastructure code, incident response, and mentoring
- A problem solver who automates security, reduces toil, and scales practices across teams
- A collaborator who can speak to developers, ops engineers, compliance, and executives
- A learner who stays current with cloud security, threat landscape, and emerging technologies

(ref: hirist.tech)