DevSecOps/Cloud Engineer

Simple Technology Solutions is looking for a DevSecOps/Cloud Engineer to add to our team.

Quick Position Overview:

• US Citizenship is required
• Bachelor's Degree is required
• minimum of 4 years' position related experience is required

The Role:

STS is looking for a DevSecOps / Cloud Engineer to join a federal data engineering team. You will own the deployment infrastructure and security controls for a large-scale federal cloud platform on AWS, keeping mission-critical systems running securely and reliably. A passion for automation, rigorous security discipline, and meticulous compliance with federal deployment standards are prerequisites for this position.

This position is contingent upon contract award.

The DevSecOps / Cloud Engineer at STS will:

• Design, build, and maintain the program's CICD pipeline using AWS CloudFormation templates and GitHub; automate deployments to staging and production environments ensuring all deployments execute with a single command and trigger AWS Service Catalog product launches to create Lambda functions, SNS topics, and Glue jobs

• Enforce Immutable Architecture principles across all ETL deployments; use deployment tools, CloudWatch logging, and other approved methods to ensure production and configuration environments remain consistent and controllable

• Implement and maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; configure and maintain IAM roles, network controls, and application-layer security controls across development, staging, and production environments

• Integrate automated security scanning into the CICD pipeline — including SAST, OWASP ZAP dynamic scanning, dependency analysis, and government-provided container analysis tools — ensuring code delivered to production is free of medium- and high-level vulnerabilities per OWASP ASVS Level 2

• Ensure security scans are completed at least once per sprint and included in the Definition of Done for every user story; document and explain all false positives

• Manage AWS Secrets Manager for ETL metadata database credentials; ensure certificates and credential configurations are valid and accessible across all environments

• Conduct periodic load and performance testing; collaborate with the IV&V team to resolve findings

• Manage the Change Control Board (CCB) submission process; ensure Change Requests are submitted within required timelines and project closeout checklists are completed following successful production deployments

• Support disaster recovery exercises and actual events to ensure production data loads continue as expected; maintain runbooks and operational procedures

• Ensure compliance with FISMA, NIST 800-53, OWASP ASVS Level 2, federal software supply chain security requirements, and the Trusted Internet Connections (TIC) Initiative

• Maintain alignment with agency cloud well-architected principles, S3 standards, and zone-level ingestion rules across all deployed infrastructure

• Provide pre-production support including deployments and data loads in lower environments; maintain the performance metrics dashboard with real-time data

• Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub

Education and Experience:

Required

• Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field

• 4+ years of experience in DevSecOps, cloud engineering, or platform engineering on AWS

• Hands-on experience with AWS CloudFormation, Infrastructure-as-Code deployments, and AWS Service Catalog in a FedRAMP-authorized environment

• Direct experience with AWS services: Lambda, Glue, S3, CloudWatch, Secrets Manager, SNS, SQS, EventBridge, Step Functions, EC2, and EMR

• Experience building and maintaining CI/CD pipelines using GitHub Actions or GitLab CI with branch-based deployment models

• Demonstrated knowledge of Zero Trust Architecture and experience implementing ZTA on AWS per federal mandates

• Experience with OWASP ZAP, SAST tools, dependency analysis, and container security scanning integrated into CI/CD pipelines

• Experience with IAM role management, Secrets Manager credential patterns, and certificate management across multi-environment setups

• Knowledge of FISMA, NIST 800-53, and the federal SDLC/ATO process; federal agency experience strongly preferred

• Familiarity with Immutable Architecture principles and single-command deployment standards

• Experience with agile sprint-based delivery, JIRA, GitHub, and CCB process management

• Must be able to work 8am-5pm Eastern Time regardless of home location; availability for on-call rotation required

• Active federal public trust suitability determination or ability to obtain one required