We are seeking a highly motivated and skilled Security Engineer to champion the integration of security throughout our development and operations lifecycle, ensuring a robust, secure, and compliant cloud environment. This role is central to bridging the gap between engineering and security teams, automating security controls, and maintaining continuous compliance. The ideal candidate will possess deep, hands-on experience in cloud infrastructure, CI/CD pipeline development, and mandated security frameworks.
The Security Engineer will be responsible for the following core duties:
Secure CI/CD Implementation: Design, implement, and manage continuous integration and deployment (CI/CD) pipelines that integrate mandatory security gates (Static/Dynamic Application Security Testing - SAST, DAST, SCA) and automated security testing.
Infrastructure as Code (IaC): Design and manage secure cloud infrastructure using IaC tools like Terraform to provision and maintain scalable, cost-optimized environments, primarily within AWS.
Security Automation: Automate the identification, analysis, and remediation of vulnerabilities across code, infrastructure, and deployment artifacts to improve efficiency and response time.
Cloud Security Architecture: Collaborate with engineering teams to integrate Zero Trust principles, encryption, strict access control, and comprehensive audit logging into our cloud ecosystem.
Containerization & Orchestration: Implement and maintain security practices for containerized applications utilizing technologies such as Docker and orchestration platforms like ECS/EKS (Kubernetes).
Regulatory Adherence: Ensure continuous adherence to critical security standards and frameworks, including NIST 800-53, FedRAMP, or similar regulatory requirements.
Real-time Monitoring: Integrate and manage monitoring and observability tools (e.g., CloudWatch, Datadog, Prometheus) to proactively detect and respond to security and performance issues in real-time.
3+ years of professional experience focused on DevSecOps or Cloud Security Engineering.
Deep practical knowledge of DevSecOps practices, the Secure Software Development Lifecycle (SDLC), and containerization best practices.
Expertise with Infrastructure as Code (IaC) tools, particularly Terraform.
Proven ability to implement and manage CI/CD pipelines for automated deployments and security scanning (e.g., GitHub Actions, GitLab CI, CircleCI).
Hands-on proficiency in core AWS services for managing production environments.
Familiarity with compliance frameworks like NIST 800-53 and FedRAMP, or similar government/industry security standards.
Experience leading engineering teams on federal cloud modernization projects (especially financial regulatory agencies).
AWS certification (e.g., Solutions Architect, DevOps Engineer).
Familiarity with Agile frameworks (Scrum) and human-centered design.