DevSecOps/Cloud Engineer
Role details
Job location
Tech stack
Job description
STS is looking for a DevSecOps / Cloud Engineer to join a federal data engineering team. You will own the deployment infrastructure and security controls for a large-scale federal cloud platform on AWS, keeping mission-critical systems running securely and reliably. A passion for automation, rigorous security discipline, and meticulous compliance with federal deployment standards are prerequisites for this position., * Design, build, and maintain the program's CICD pipeline using AWS CloudFormation templates and GitHub; automate deployments to staging and production environments ensuring all deployments execute with a single command and trigger AWS Service Catalog product launches to create Lambda functions, SNS topics, and Glue jobs
-
Enforce Immutable Architecture principles across all ETL deployments; use deployment tools, CloudWatch logging, and other approved methods to ensure production and configuration environments remain consistent and controllable
-
Implement and maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; configure and maintain IAM roles, network controls, and application-layer security controls across development, staging, and production environments
-
Integrate automated security scanning into the CICD pipeline - including SAST, OWASP ZAP dynamic scanning, dependency analysis, and government-provided container analysis tools - ensuring code delivered to production is free of medium- and high-level vulnerabilities per OWASP ASVS Level 2
-
Ensure security scans are completed at least once per sprint and included in the Definition of Done for every user story; document and explain all false positives
-
Manage AWS Secrets Manager for ETL metadata database credentials; ensure certificates and credential configurations are valid and accessible across all environments
-
Conduct periodic load and performance testing; collaborate with the IV&V team to resolve findings
-
Manage the Change Control Board (CCB) submission process; ensure Change Requests are submitted within required timelines and project closeout checklists are completed following successful production deployments
-
Support disaster recovery exercises and actual events to ensure production data loads continue as expected; maintain runbooks and operational procedures
-
Ensure compliance with FISMA, NIST 800-53, OWASP ASVS Level 2, federal software supply chain security requirements, and the Trusted Internet Connections (TIC) Initiative
-
Maintain alignment with agency cloud well-architected principles, S3 standards, and zone-level ingestion rules across all deployed infrastructure
-
Provide pre-production support including deployments and data loads in lower environments; maintain the performance metrics dashboard with real-time data
-
Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub
Requirements
Do you have experience in Zero trust architecture design?, Do you have a Bachelor's degree?, * Bachelor's Degree is required
-
minimum of 4 years' position related experience is required, * Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field
-
4+ years of experience in DevSecOps, cloud engineering, or platform engineering on AWS
-
Hands-on experience with AWS CloudFormation, Infrastructure-as-Code deployments, and AWS Service Catalog in a FedRAMP-authorized environment
-
Direct experience with AWS services: Lambda, Glue, S3, CloudWatch, Secrets Manager, SNS, SQS, EventBridge, Step Functions, EC2, and EMR
-
Experience building and maintaining CI/CD pipelines using GitHub Actions or GitLab CI with branch-based deployment models
-
Demonstrated knowledge of Zero Trust Architecture and experience implementing ZTA on AWS per federal mandates
-
Experience with OWASP ZAP, SAST tools, dependency analysis, and container security scanning integrated into CI/CD pipelines
-
Experience with IAM role management, Secrets Manager credential patterns, and certificate management across multi-environment setups
-
Knowledge of FISMA, NIST 800-53, and the federal SDLC/ATO process; federal agency experience strongly preferred
-
Familiarity with Immutable Architecture principles and single-command deployment standards
-
Experience with agile sprint-based delivery, JIRA, GitHub, and CCB process management
-
Must be able to work 8am-5pm Eastern Time regardless of home location; availability for on-call rotation required
-
Active federal public trust suitability determination or ability to obtain one required