Senior DevSecOps / AWS Cloud Engineer

GAMA-1 Technologies

Greenbelt, MD

JOB DETAILS
JOB TYPE
Full-time
SKILLS
Amazon Simple Storage Service (S3), Amazon Web Services (AWS), Application Programming Interface (API), Business Growth, Cloud Computing, Code Reviews, Continuous Deployment/Delivery, Continuous Integration, Enterprise Protection, FISMA - Federal Information Security Management Act, Federal Government, File Systems, Identify Issues, Industry Standards, Information/Data Security (InfoSec), NAT (Network Address Translation), Process Development, Provider Contracting, Redis, Refactoring, Software Engineering, Subnet, Technical Strategy, Technical Support, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD)
LOCATION
Greenbelt, MD
POSTED
20 days ago

Role summary

We are seeking a remote Senior DevSecOps Engineer to own and evolve the platform — Terraform, EKS, GitLab CI/CD security gates, GitOps delivery, observability, and FISMA controls — and set the engineering standard for the team. You are the person who catches a backend block in the wrong module before it merges, and who makes the security gate something developers trust rather than route around.

What you’ll do

  • Own the Terraform estate across the three repos and the 2-stack-perenv layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with native locking, and OIDC (no static keys).
  • Lead state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv, with backed-up state and zero-destroy plans on stateful resources (Aurora, Redis).
  • Build and operate EKS (toward Auto Mode), GitLab CI (runner-onEKS), and Argo CD GitOps — Helm, image signing, Kyverno admission, OPA policy decisions.
  • Harden the CI/CD security gate: container/filesystem scanning (Trivy), secret detection (Gitleaks), SBOM + signing, policy-as-code deny-gates, and ECR scan-on-push — wired so a failing gate blocks the merge.
  • Stand up the AWS-native observability stack (CloudWatch /
Container Insights, AMP, X-Ray/ADOT, Managed Grafana, Application Signals) with SLOs, alarms-as-code, and a dead-man’s-switch on the alerting path itself.
Drive the private-network migration (TGW egress, VPC endpoints, no NAT/IGW) and close FISMA gaps (CloudTrail/Config, Security Hub NIST 800-53, KMS where required, audit-account separation).
  • Review teammates’ IaC and set the standards.

Must-haves

  • Terraform at scale — root vs. child modules, state isolation, for_each/count/dynamic, drift, provider-pin conflicts, and state migration (moved/state mv) without destroying data. Writes modules others reuse. Can explain why workspaces ≠ directory-per-env.
  • Strong AWS cloud engineering — VPC/networking (private subnets, endpoints, TGW), IAM/OIDC, EKS, ECR, ALB/API-GW, and when SSE-S3 vs. KMS-CMK is actually required.
  • EKS you have operated, not just used — node/pod networking, IRSA, admission control, upgrades, troubleshooting a broken rollout.
  • CI/CD security (the “Sec” in DevSecOps)
SAST/dependency/container scanning, secret scanning, supply-chain (SBOM, signing), policy-as-code, secrets hygiene. You have made a pipeline block on a finding.
  • Federal compliance fluency — NIST 800-53 / FISMA-Moderate; can map a control family (AU, CM, SC) to an actual implementation.
  • Writes clear PRs and reviews others’ code constructively.

Strongly preferred

  • Observability depth (OpenTelemetry, Prometheus/Grafana, SLO/errorbudget design).
  • Prior regulated/federal environment (NOAA/DoD/civilian agency, ATO process), clearance or Public-Trust history.
  • GitLab CI specifically, Argo CD, and Kubernetes runners.

GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work). For more information click here.

ABOUT GAMA-1

GAMA-1 is a rapidly growing technology business that is based in Greenbelt, Maryland. GAMA-1 Technologies provides strategic information assurance, information security, and business enterprise and networking solutions to the Federal Government. Our success is based on the utilization of industry and agency standards, establishment of standardized processes, and IT Services expertise. At GAMA-1, we believe employees should grow, achieve, and develop just as the company grows, achieves, and develops. GAMA-1 is committed to providing our employees with opportunities for career advancement throughout their employment. For more information, visit www.gama1tech.com

GAMA-1 is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to: veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age, pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship or immigration status, physical or mental disability, genetic information (including testing and characteristics), domestic violence victims, political orientation, status as a smoker or tobacco user, hairstyle, use of a service animal, education status, familial status, HIV/AIDS status, height, weight, reproductive healthcare decisions or any other category protected by federal, state or local law.

Powered by JazzHR

About the Company

G

GAMA-1 Technologies

GAMA-1 is a highly-technical 8(a) Certified Small Disadvantaged Business with a proven delivery model developed with our Federal customer’s mission in mind. Our success is built on combining industry and agency standards with established GAMA-1 methodologies, IT services, development, and infrastructure expertise. GAMA-1 has refined these methods through our continual improvement process, resulting in us achieving ISO 9001:2008, ISO 20000, and ISO 27001 certifications. Additionally, our entire delivery team has ITIL v3 training and we practice CMMI Level 2 process improvement methodologies across our organization, and should receive our certification by July of 2016. GAMA-1's mission is to be a trusted partner of the Federal Government delivering quality IT & Professional services through results-driven staff and focus on our customer's vision and mission.

COMPANY SIZE
100 to 499 employees
INDUSTRY
Internet Services
FOUNDED
2008