Position Details

Salary $140K – $160K USD / year

Type Full-Time

Experience senior

Exp. Years 3+ years (multiple), 2+ years (multiple)

Education Not specified

Category Cybersecurity

About this role

This role designs and implements secure DevSecOps pipelines on AWS, with deep experience in containerization, Kubernetes, and security automation. You will embed security controls across CI/CD and the software development lifecycle while improving compliance using compliance-as-code practices.

Key Responsibilities

Architect and implement secure CI/CD pipelines
Manage Kubernetes clusters
Deploy infrastructure as code using Terraform/OpenTofu
Embed security controls throughout SDLC (security automation, shift-left)
Integrate security scanning and security gates (SAST/DAST, container scanning, secrets, vulnerability management)

Technical Overview

DevSecOps focus on AWS infrastructure (EC2, ECS/EKS, S3, Lambda, RDS, ALB, VPC, IAM), container security scanning, and integrating security gates into CI/CD. Uses Kubernetes orchestration and Infrastructure as Code with Terraform/OpenTofu, plus SAST/DAST (SonarQube, Checkmarx, OWASP ZAP), secrets management (Vault, AWS Secrets Manager), and observability tools (Prometheus, Grafana, ELK stack, CloudWatch).

Ideal Candidate

The ideal candidate is a senior DevSecOps engineer with 3+ years of AWS cloud experience and hands-on containerization and secure CI/CD pipeline implementation. They have 2+ years with Infrastructure as Code (Terraform/OpenTofu) and Kubernetes orchestration, plus strong application and container security testing (SAST/DAST, Trivy/Aqua/Twistlock/Anchore) and secrets/vulnerability management.

Must-Have Skills

3+ years of experience in AWS cloud services (EC2ECS/EKSS3LambdaRDSALBVPCIAM)3+ years of experience in Container technologies (Docker and/or Podman)3+ years of experience in CI/CD pipelines (JenkinsGitLab CIGitHub Actionsor similar)3+ years of experience in Git version control and branching strategies2+ years of experience in Infrastructure as Code (Terraform and/or OpenTofu)2+ years of experience in Kubernetes orchestration (deploymentscalingmonitoringtroubleshooting)3+ years of experience in DevSecOps practices (security automationshift-left security)2+ years of experience in Container security scanning (TrivyAquaTwistlockAnchoreor similar)2+ years of experience in Static/Dynamic Application Security Testing (SAST/DAST tools like SonarQubeCheckmarxOWASP ZAP)2+ years of experience in Integrating security gates into CI/CD pipelines2+ years of experience in Secrets management (VaultAWS Secrets Manageror similar)2+ years of experience in Vulnerability management and remediation workflows

Nice-to-Have Skills

2+ years of experience in Configuration management (AnsibleChefor Puppet)2+ years of experience in Monitoring and observability (PrometheusGrafanaELK stackCloudWatch)

Tools & Platforms

AWSAmazon Web ServicesEC2ECSEKSS3LambdaRDSALBVPCIAMDockerPodmanJenkinsGitLab CIGitHub ActionsGitTerraformOpenTofuKubernetesAnsibleChefPuppetPrometheusGrafanaELK stackCloudWatchTrivyAquaTwistlockAnchoreSonarQubeCheckmarxOWASP ZAPVaultAWS Secrets ManagerSnyk

Required Skills

AWSAmazon Web ServicesEC2ECSEKSS3LambdaRDSALBVPCIAMDockerPodmanCI/CD pipelinesJenkinsGitLab CIGitHub ActionsGitInfrastructure as CodeTerraformOpenTofuKubernetesAnsibleChefPuppetPrometheusGrafanaELK stackCloudWatchDevSecOpssecurity automationshift-left securityTrivyAquaTwistlockAnchoreSASTDASTSonarQubeCheckmarxOWASP ZAPsecurity gatesSecrets managementVaultAWS Secrets Managervulnerability managementSoftware Composition Analysisdependency scanningSnykcompliance-as-code

Hard Skills

Amazon Web ServicesAWSEC2ECSEKSS3LambdaRDSALBVPCIAMcontainerizationDockerPodmanCI/CD pipelinesJenkinsGitLab CIGitHub ActionsGitInfrastructure as CodeTerraformOpenTofuKubernetesAnsibleChefPuppetPrometheusGrafanaELK stackCloudWatchDevSecOps practicessecurity automationshift-left securityTrivyAquaTwistlockAnchoreStatic/Dynamic Application Security TestingSASTDASTSonarQubeCheckmarxOWASP ZAPsecurity gatessecrets managementVaultAWS Secrets Managervulnerability managementremediation workflowsSoftware Composition Analysisdependency scanningSnykcompliance-as-code

Soft Skills

proactive problem solverbalances security requirements with operational efficiencycollaborating across developmentoperationsand security teamscollaboration

Industry & Role

Industry Government/Public Sector

Job Function Build and operate secure DevSecOps CI/CD and cloud infrastructure

Role Subtype DevSecOps Engineer

Tech Domains Amazon Web Services, Kubernetes, Docker, Cybersecurity

Keywords for Your Resume

Senior DevSecOps EngineerDevSecOps EngineerDevSecOpsAWSAmazon Web ServicesEC2ECSEKSS3LambdaRDSALBVPCIAMDockerPodmanCI/CDJenkinsGitLab CIGitHub ActionsGitInfrastructure as CodeTerraformOpenTofuKubernetessecurity automationshift-left securityTrivyAquaTwistlockAnchoreSASTDASTSonarQubeCheckmarxOWASP ZAPSecrets managementVaultAWS Secrets Managervulnerability managementSoftware Composition Analysisdependency scanningSnykcompliance-as-codeSAST/DAST

Deal Breakers

3+ years AWS cloud services (EC2, ECS/EKS, S3, Lambda, RDS, ALB, VPC, IAM), 3+ years CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions or similar), 2+ years Infrastructure as Code (Terraform and/or OpenTofu), 2+ years Kubernetes orchestration, 2+ years SAST/DAST tools experience and security gates in CI/CD, 2+ years secrets management (Vault, AWS Secrets Manager or similar)

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile

Senior DevSecOps Engineer (Remote)

Get matched to jobs like this