Senior AWS DevSecOps Engineer - Remote Security Automation

AWS Dev Sec Ops  Engineer - 100% Remote

Experience: 7+ years

Work Authorization: US Citizenship – Required (Federal client)

Location: Remote

Length: 12 – 36 Months

Rate: D.O.E.

Qualifications:

We are seeking a skilled Security Assessment Engineer to join our team. The ideal candidate will be instrumental in supporting the adoption of Dev Sec Ops  principles and automating assessment services to ensure continuous authorization to operate within our organization. This unique position must be able to flex between security engineering, security control automation, development, and assessor roles in a NIST-based risk management environment.

Responsibilities:

• Support Dev Sec Ops  initiatives by developing and implementing test-driven security within a CI/CD pipeline.
• Create automation to support the NIST Risk Management Framework (SP800-37, SP800-53/53a).
• Develop and track Plan of Action and Milestones (POA&Ms) to address identified security vulnerabilities and compliance gaps.
• Able to document clear and repeatable processes and train others to perform automated assessment reviews.
• Develop and implement security assessment automation tools to support Dev Sec Ops  practices.
• Collaborate with development teams to integrate security assurance into the CI/CD pipeline.
• Conduct security assessments and risk analyses on new and existing software.
• Provide Subject Matter Expertise in the creation of security policies and standards.
• Develop and document procedures specific to the role.
• Work closely with compliance teams to ensure continuous monitoring and authorization.
• Assist in developing security training and awareness for technical staff.
• Stay current with the evolving security landscape, industry trends, tools, and best practices.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field (preferred).
• Proven experience with security assessment tools and methodologies.
• Experience with various programming languages, automation tools, and scripting languages (e.g., Python, Ruby, Go, Bash/Shell, JavaScript/Node.js, Groovy, YAML/JSON, Power Shell, Java, Terraform).
• Understanding languages in the context of various Dev Sec Ops  tools and platforms like Docker, Kubernetes, Ansible, Chef, Puppet, Jenkins, Git Lab CI, and cloud service providers (AWS, Azure, GCP).
• Experience with Policy as Code and Compliance as Code.
• Knowledge of compliance frameworks and continuous authorization processes. Prefer NIST SP800-37, SP800-53/53a.
• Excellent communication skills and the ability to work collaboratively.
• Operational vulnerability analysis.
• Deep understanding of Dev/Sec/Ops processes and testing.

Preferred Qualifications:

• Certifications such as GCSA, CISSP, CEH, or OSCP.
• Experience in a policy and assurance or quasi-governmental environment.
• Familiarity with cloud service providers and associated security challenges.