AWS DevSecOps Sr. Engineer / Testers (Policy Development & Mapping) - Security, AWS, Rego Policies

Photon
United Kingdom
GBP 40,000 - 60,000
Job description

About the Role:

We are seeking an experienced and highly motivated Senior AWS DevSecOps Engineer / Tester with expertise in policy development, security automation, and infrastructure-as-code (IaC). The ideal candidate will have a strong background in AWS cloud environments, DevSecOps principles, and security policy mapping and enforcement. This role will focus on creating and automating security policies, mapping them to cloud infrastructure, and ensuring that our security posture remains strong and compliant across all stages of the software development lifecycle.

You will work closely with cross-functional teams to define security requirements, integrate security tools and processes into the CI/CD pipeline, and continuously improve the security automation framework.

Key Responsibilities:

Policy Development & Mapping:

  1. Design, develop, and maintain security policies for AWS environments, ensuring compliance with industry standards (e.g., NIST, CIS, ISO 27001).
  2. Map and integrate security policies into infrastructure and applications deployed on AWS using Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, and AWS CDK.
  3. Create automated processes for security policy enforcement, auditing, and monitoring.
  4. Develop security rules and guardrails using AWS native services (AWS Config, AWS Security Hub, AWS GuardDuty, etc.) and third-party security tools.

DevSecOps Engineering:

  1. Build and maintain the CI/CD pipeline with embedded security testing (SAST, DAST, IAST) and automated compliance checks.
  2. Automate security vulnerability assessments and remediation in the AWS environment using tools like AWS Inspector, Qualys, and other static and dynamic analysis tools.
  3. Collaborate with development teams to implement security in the software development lifecycle (SDLC), shifting security left and automating security testing.
  4. Create and maintain AWS security best practices, security controls, and infrastructure standards.

Testing & Vulnerability Management:

  1. Conduct manual and automated penetration testing, vulnerability assessments, and code reviews focused on AWS-based applications and infrastructure.
  2. Implement automated testing frameworks that validate security policies and configurations (e.g., infrastructure misconfigurations, exposed secrets).
  3. Identify security gaps or vulnerabilities in AWS deployments and work with DevOps and development teams to remediate.
  4. Continuously assess new threats, vulnerabilities, and attack vectors in AWS environments.

Collaboration & Reporting:

  1. Work closely with DevOps, Development, and IT teams to ensure proper integration of security into cloud infrastructure and applications.
  2. Provide regular security assessments, risk analysis reports, and security findings to senior leadership and relevant stakeholders.
  3. Participate in incident response planning and execution, providing expertise in security issues related to AWS environments.
  4. Train development teams on secure coding practices, security testing tools, and best practices for AWS security.

Continuous Improvement & Innovation:

  1. Stay current with emerging trends in DevSecOps, cloud security, and AWS services.
  2. Continuously improve security policies, tools, and processes to adapt to evolving threats.
  3. Contribute to the creation and implementation of security automation frameworks for improved DevSecOps practices.

Required Qualifications:

Experience:

  1. 5+ years of experience in AWS cloud environments with a focus on security, DevSecOps, and automation.
  2. At least 3 years of hands-on experience in security policy development and mapping for cloud infrastructure, specifically AWS.
  3. Deep knowledge of AWS security tools and services, including AWS IAM, AWS KMS, AWS Config, AWS GuardDuty, AWS Shield, AWS WAF, and others.
  4. Strong experience with infrastructure-as-code tools such as Terraform, AWS CloudFormation, and AWS CDK.
  5. Experience with security testing tools (e.g., static and dynamic analysis, penetration testing, vulnerability scanning) and frameworks.
  6. Hands-on experience with CI/CD pipeline security integration, GitOps, and container security (e.g., Docker, Kubernetes, EKS).

Technical Skills:

  1. Proficiency in programming/scripting languages such as Python, Bash, or Go.
  2. Experience with AWS Security Hub, AWS Inspector, AWS Trusted Advisor, and other AWS security services.
  3. Familiarity with security testing frameworks (e.g., OWASP, SANS, NIST) and cloud security best practices.
  4. Experience with integrating security tools into CI/CD pipelines (e.g., Jenkins, GitLab, CircleCI, etc.).
  5. Strong knowledge of common security vulnerabilities (e.g., OWASP Top 10, CVE management) and how to mitigate them in cloud environments.

Certifications (Preferred):

  1. AWS Certified Security - Specialty.
  2. Certified DevSecOps Professional (CDP) or other related certifications.
  3. CISSP, CISM, or equivalent security certifications are a plus.

Soft Skills:

  1. Excellent problem-solving and analytical skills, with a keen attention to detail.
  2. Strong communication skills, able to present complex security issues to both technical and non-technical audiences.
  3. Ability to work independently and collaboratively in a fast-paced, dynamic environment.
  4. Proactive mindset with a passion for automation, security, and continuous improvement.
  5. Strong documentation skills, with the ability to create clear, concise, and actionable security reports.

Preferred Qualifications:

  1. Experience with container security tools like Aqua Security, Twistlock, or Falco.
  2. Hands-on experience with serverless architectures and security concerns in AWS Lambda, API Gateway, and other serverless services.
  3. Familiarity with cloud-native security architectures and concepts (e.g., Zero Trust, defense in depth).
  4. Experience with compliance frameworks and regulations (e.g., GDPR, HIPAA, SOC 2, PCI DSS).