AWS Security Manager

AWS Security Manager Contract‑to‑Hire | Remote | $70‑75/hr (Eastern, Central & Mountain time zones)

The AWS Security Manager ensures security, compliance, and protection of our cloud‑based infrastructure. The role partners with Cloud Engineering, Dev Ops, Application teams, Security, GRC, and Audit to embed security throughout the cloud lifecycle.

• Lead and mentor a team of security engineers focused on AWS hardening, Terraform automation, CI/CD security, cloud monitoring, and incident response.
• Establish enterprise‑wide AWS security standards and policies.
• Oversee Identity and Access Management (IAM) strategy.
• Develop reusable Terraform modules and automate deployments through CI/CD.
• Guide engineers on AWS Lambda, serverless architecture, secure and scalable deployments.
• Configure AWS native security tools:
  Security Hub, Guard Duty, Config & Config rules, KMS encryption keys, VPC security (NACLs, subnets).
• Maintain strong understanding of IAM roles/policies, identity federation, encryption, KMS, and secrets management.
• Work with Dev Ops teams to implement security best practices into CI/CD pipelines and infrastructure as code.
• Enforce controls for logging, encryption, network segmentation, patching, and vulnerability management.
• Drive security automation for drift detection, patching, vulnerability remediation, and compliance reporting.
• Oversee detection and response to security events in AWS.
• Manage threat investigations, root‑cause analysis, and remediation plans.
• Build and maintain runbooks, tabletop exercises, and escalation paths.
• Implement and improve AWS security controls, guardrails, and baseline configurations.
• Continuously evaluate AWS environments for cost‑effective security improvements.
• Conduct threat modeling, vulnerability analysis, and remediation coordination.
• Maintain AWS risk register, security assessments, and internal controls.
• Ensure readiness for audits, SA&A, NIST, FISMA, and FedRAMP.
• Manage evidence gathering, control testing, and gap remediation; work with external auditors and stakeholders during audit cycles.
• Conduct regular configuration reviews, vulnerability scans, and compliance checks.
• Approve and reject new AWS architecture from a security standpoint.
• Partner with Dev Ops, engineering, and development teams; train teams on secure cloud practices.
• Report risks, KPIs, and metrics to senior leadership.
• Participate in on‑call rotations to support 24/7 production systems and respond to incidents as they arise.

• 6+ years in cloud security or cybersecurity.
• Strong evidence of managing or leading teams.
• Python or Bash scripting for automation.
• In‑depth understanding of AWS security controls (identity, logging, encryption).
• Expert knowledge of AWS IAM, KMS, security services, Cloud Trail, and Cloud Watch.
• Advanced hands‑on experience writing and reviewing Terraform modules.
• Experience writing and operating AWS Lambda functions.
• Conduct IAM policy and permissions audits to enforce least privilege.
• Ability to read and interpret access logs, account configurations, and IAM policies.
• Experience building and securing large multi‑account AWS environments.

• Must be a US Citizen.
• Must be able to obtain and maintain a Public Trust clearance.

• Cloud certifications (AWS Cloud Practitioner, Security Specialty).
• Security compliance or audit certifications.
• Experience with container security (EKS/ECS).

W2 employees of Eliassen Group scheduled to work ≥30 hours per week are eligible for medical, dental, vision, pre‑tax accounts, and other voluntary benefits including life and disability insurance, 401(k) with match, and sick time where required by law.

Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.