DevSecOps

We are looking for a DevSecOps Automation Engineer to join a lean, high-impact platform team responsible for building and operating a secure, resilient, and fully automated AWS foundation.

This role focuses on GitOps-driven infrastructure automation, the creation of golden Terraform modules for broad developer adoption, and deep enablement of self-service cloud capabilities at scale. You will work closely with existing CI/CD teams (who own pipeline-specific modules) while owning the core infrastructure, security, and networking automation layer.

What you will do

• Design, build, and maintain GitOps-based infrastructure automation using Terraform and Pull Request workflows.
• Develop and maintain reusable "golden" Terraform modules to be consumed by development teams across the organization.
• Operate and extend Terraform Enterprise, making full use of its capabilities (workspaces, state management, policy enforcement, RBAC, run tasks, etc.).
• Implement policy-as-code and AI-augmented code reviews to ensure security, compliance, and consistency by default.
• Build automated self-healing mechanisms for infrastructure and security controls.
• Work on a multi-region AWS architecture with centralized inspection, logging, and security controls.
• Contribute to networking automation using AWS Cloud WAN as the backbone for global connectivity.
• Collaborate closely with security, platform, and CI/CD teams while keeping a strong platform-product mindset.
• Enable proactive, self-service workflows so developers can safely provision infrastructure via Git without direct platform intervention.

• Strong hands-on experience with AWS and Terraform, including advanced, production-grade usage.
• Proven experience working with Terraform Enterprise (not just OSS Terraform).
• Solid understanding of GitOps principles applied to infrastructure.
• Experience building reusable Terraform modules for large developer populations.
• Strong AWS fundamentals across networking, security, and IAM.
• Ability to design systems that are secure by default and self-service oriented.

Nice to have

• Hands-on experience with AWS Cloud WAN.
• Experience implementing policy-as-code frameworks.
• Exposure to AI-assisted code reviews or automated quality gates.
• Background in operating large-scale, multi-account AWS environments.