DevSecOps/Cloud Engineer

Simple Technology Solutions is looking for a DevSecOps/Cloud Engineer to add to our team.

Quick Position Overview:

• US Citizenship is required
• Bachelor's Degree is required
• minimum of 4 years' position related experience is required

The Role: 

STS is looking for a DevSecOps / Cloud Engineer to join a federal data engineering team. You will own the deployment infrastructure and security controls for a large-scale federal cloud platform on AWS, keeping mission-critical systems running securely and reliably. A passion for automation, rigorous security discipline, and meticulous compliance with federal deployment standards are prerequisites for this position. 

This position is contingent upon contract award. 

The DevSecOps / Cloud Engineer at STS will: 

• Design, build, and maintain the program's CICD pipeline using AWS CloudFormation templates and GitHub; automate deployments to staging and production environments ensuring all deployments execute with a single command and trigger AWS Service Catalog product launches to create Lambda functions, SNS topics, and Glue jobs 

• Enforce Immutable Architecture principles across all ETL deployments; use deployment tools, CloudWatch logging, and other approved methods to ensure production and configuration environments remain consistent and controllable 

• Implement and maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; configure and maintain IAM roles, network controls, and application-layer security controls across development, staging, and production environments 

• Integrate automated security scanning into the CICD pipeline — including SAST, OWASP ZAP dynamic scanning, dependency analysis, and government-provided container analysis tools — ensuring code delivered to production is free of medium- and high-level vulnerabilities per OWASP ASVS Level 2 

• Ensure security scans are completed at least once per sprint and included in the Definition of Done for every user story; document and explain all false positives 

• Manage AWS Secrets Manager for ETL metadata database credentials; ensure certificates and credential configurations are valid and accessible across all environments 

• Conduct periodic load and performance testing; collaborate with the IV&V team to resolve findings 

• Manage the Change Control Board (CCB) submission process; ensure Change Requests are submitted within required timelines and project closeout checklists are completed following successful production deployments 

• Support disaster recovery exercises and actual events to ensure production data loads continue as expected; maintain runbooks and operational procedures 

• Ensure compliance with FISMA, NIST 800-53, OWASP ASVS Level 2, federal software supply chain security requirements, and the Trusted Internet Connections (TIC) Initiative 

• Maintain alignment with agency cloud well-architected principles, S3 standards, and zone-level ingestion rules across all deployed infrastructure 

• Provide pre-production support including deployments and data loads in lower environments; maintain the performance metrics dashboard with real-time data 

• Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub 

Education and Experience: 

Required 

• Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field 

• 4+ years of experience in DevSecOps, cloud engineering, or platform engineering on AWS 

• Hands-on experience with AWS CloudFormation, Infrastructure-as-Code deployments, and AWS Service Catalog in a FedRAMP-authorized environment 

• Direct experience with AWS services: Lambda, Glue, S3, CloudWatch, Secrets Manager, SNS, SQS, EventBridge, Step Functions, EC2, and EMR 

• Experience building and maintaining CI/CD pipelines using GitHub Actions or GitLab CI with branch-based deployment models 

• Demonstrated knowledge of Zero Trust Architecture and experience implementing ZTA on AWS per federal mandates 

• Experience with OWASP ZAP, SAST tools, dependency analysis, and container security scanning integrated into CI/CD pipelines 

• Experience with IAM role management, Secrets Manager credential patterns, and certificate management across multi-environment setups 

• Knowledge of FISMA, NIST 800-53, and the federal SDLC/ATO process; federal agency experience strongly preferred 

• Familiarity with Immutable Architecture principles and single-command deployment standards 

• Experience with agile sprint-based delivery, JIRA, GitHub, and CCB process management 

• Must be able to work 8am-5pm Eastern Time regardless of home location; availability for on-call rotation required 

• Active federal public trust suitability determination or ability to obtain one required