Senior AWS DevSecOps Engineer

AFS is seeking a Senior AWS DevSecOps Engineer to lead the design, build, and automation of our cutting-edge hybrid cloud infrastructure. The ideal candidate is passionate about building secure, scalable, and highly available platforms on AWS and other cloud platforms utilizing cloud-native technologies. Your expertise in Infrastructure as Code (IaC), container orchestration with EKS, and CI/CD pipelines will be critical to empowering our development & data science teams with a robust, self-service platform. While our primary focus is AWS, experience in a hybrid environment with VMware is a plus.

Responsibilities

• AWS Infrastructure & Architecture: Design, build, and maintain scalable, resilient, and secure environments primarily within AWS. Implement and manage core AWS services, including networking (VPC, Transit Gateway), Kubernetes (EKS), compute (EC2, Lambda), storage (S3, EBS), and databases (RDS). Architect and operate containerized workloads using Amazon EKS, including cluster management, scaling, and security.
• DevSecOps & Automation: Champion and implement Infrastructure as Code (IaC) using Terraform to automate all aspects of cloud resource provisioning and management. Develop, manage, and optimize robust CI/CD pipelines to enable rapid and reliable software delivery. Master AWS IAM, creating and managing roles, policies, and permissions based on the principle of least privilege. Develop custom automation scripts and tooling (e.g., using Python, Go, or Bash) to streamline operations and eliminate manual processes, heavily focusing on the usage of API’s.
• Security & Compliance: Integrate security best practices directly into the platform and pipelines (DevSecOps). Implement and enforce security controls, encryption, and access management to meet compliance standards such as DISA STIGs. Collaborate with security teams to implement robust monitoring solutions.
• Team Enablement & Collaboration: Act as a cloud subject matter expert, providing guidance and support to development teams to optimize their use of the platform. Collaborate with stakeholders to evaluate new cloud-native technologies and recommend solutions that enhance efficiency and capability. Champion foundational best practices, including Git workflows and the proficient use of AI tools to accelerate development and problem-solving.

Qualifications

• Bachelor’s degree in a relevant field or equivalent professional experience (approximately 10 years in cloud/software engineering).
• Must possess and maintain required DoD 8140 certifications.
• Expert-level proficiency with Infrastructure as Code (IaC)
• Experience with Terraform or other similar languages
• Deep experience with container orchestration, specifically designing and managing Amazon EKS
• Strong command of AWS IAM roles, policies, and security best practices.
• Solid understanding of cloud networking, Linux/Unix administration, and security principles.
• Proficiency with Git and modern GitOps workflows.
• Deep understanding of advanced networking concepts, DNS, gateways in a hybrid/multi-cloud context.
• Extensive expertise in advanced networking, including DNS management and gateway configuration, to support robust connectivity and integration across hybrid and multi-cloud environments.

Preferred Qualifications

• Proven experience designing, building, and maintaining automated CI/CD pipelines (e.g., Jenkins, GitLab CI, AWS CodePipeline).
• Understanding of common authentication mechanisms, OIDC, OAuth2, LDAP, SAML.
• Excellent problem-solving skills and the ability to thrive in a fast-paced, evolving environment.
• Experience with VMware vSphere in a hybrid cloud context.
• Experience with configuration management tools like Ansible.
• Familiarity with other public clouds (Azure, GCP). Experience contributing to open-source projects.
• Any of the following certification(s): AWS Certified DevOps Engineer - Professional AWS Certified Solutions Architect - Professional AWS Certified Security - Specialty Certified Kubernetes Administrator (CKA) HashiCorp Certified: Terraform Associate/Professional GIAC Cloud Security Automation (GCSA)

Clearance

• An active TS/SCI is required