AWS DevOps Engineer – Security Focus

Job Type: Full-time
Experience: 3-5+ years

About the Role

We are hiring an AWS DevOps Engineer with a strong security background to design, implement, and safeguard our cloud infrastructure. The ideal candidate will have deep expertise in AWS security services, cloud governance, monitoring, and secure automation practices. This role requires hands-on experience with AWS-native security tools, threat detection, incident response, and compliance frameworks.

Key Responsibilities (Security-Focused)

• Architect and deploy secure, scalable, and compliant infrastructure on AWS.
• Implement security-first CI/CD pipelines with automated code scanning, secrets management, and policy enforcement.
• Configure and maintain Infrastructure as Code (IaC) following secure coding standards (Terraform, CloudFormation, CDK).
• Implement end-to-end cloud security controls, including IAM hardening, least privilege access, encryption standards, key management (KMS), and secure networking practices.
• Configure and manage AWS security services including:
• AWS WAF (Web Application Firewall)
• Amazon GuardDuty (Threat Detection)
• AWS Security Hub (Security Posture Management)
• VPC Flow Logs (Network-level monitoring & forensics)
• AWS CloudTrail (Audit logging and governance)
• AWS Config (Compliance & drift detection)
• Ensure detailed logging is enabled across all environments (CloudTrail, ALB/ELB, S3, Lambda, RDS, CloudFront, VPC).
• Lead cloud incident detection, response, and remediation activities.
• Automate security policies, vulnerability scans, patch management, and compliance reporting.
• Implement network security controls, including NACLs, security groups, firewall rules, and segmentation.
• Develop, enforce, and continuously improve cloud security best practices, SOPs, and governance frameworks.
• Collaborate with Dev, Ops, and Security teams to ensure secure deployment workflows.
• Conduct security assessments, risk evaluations, and remediation for cloud resources.

Required Skills & Experience

• 3–5+ years of experience working with AWS cloud infrastructure and security services.
• Strong expertise in:
• IAM Policies, Roles, Identity Federation
• VPC Security, Subnet Design, Peering, NAT, Routing, Firewalls
• Encryption at rest & in transit (KMS, TLS, Secrets Manager, SSM Parameter Store)
• Security logging, monitoring, and event analysis
• Hands-on experience with:
• WAF, GuardDuty, Security Hub, AWS Config, CloudTrail, VPC Flow Logs
• SIEM or log analytics tools (CloudWatch Logs Insights, OpenSearch, ELK, Splunk)
• Proficiency in Linux/Unix administration.
• Strong scripting experience: Python, Bash, Shell.
• Deep understanding of DevOps practices with secure DevOps (DevSecOps) mindset using:
• Docker
• Kubernetes / EKS
• Terraform / CloudFormation
• Jenkins / GitHub Actions / GitLab CI
• Ansible / Puppet / Chef
• Experience with vulnerability scanning, patching, and compliance tools.
• Knowledge of NIST, SOC2, ISO 27001, CIS Benchmarks (preferred).

Security Certification Requirements

Candidate MUST have at least one AWS or Security certification:

• AWS Certified Security – Specialty (Highly preferred)
• AWS Certified DevOps Engineer – Professional
• AWS Certified Solutions Architect – Professional
• AWS Certified SysOps Administrator – Associate

Additional Preferred Certifications:

• CompTIA Security+
• CEH
• CISSP
• CCSP
• ISO 27001 Lead Auditor / Implementer

Soft Skills

• Strong analytical and security-oriented problem-solving skills.
• Ability to document, communicate, and enforce security best practices.
• Quick at identifying risks and proposing mitigation strategies.
• Independent, detail-oriented, and proactive in ensuring security compliance.

Job Type: Full-time

Work Location: In person