Senior DevSecOps / AWS Cloud Engineer

Posted 2 Days Ago
Greenbelt, MD, USA
In-Office
Senior level
Information Technology • Consulting
The Role
Lead and evolve the cloud platform: manage Terraform at scale and safe state migrations; operate and harden EKS, GitLab CI/CD, and Argo CD; implement CI/CD security gates (scanning, secret detection, SBOM/signing, policy-as-code); build AWS-native observability and SLOs; drive private-network migration and close FISMA/NIST 800-53 gaps; review IaC and set standards for the team.
Summary Generated by Built In
Role summary
We are seeking a remote Senior DevSecOps Engineer to own and evolve the platform — Terraform, EKS, GitLab CI/CD security gates, GitOps delivery, observability, and FISMA controls — and set the engineering standard for the team. You are the person who catches a backend block in the wrong module before it merges, and who makes the security gate something developers trust rather than route around.
What you’ll do
  • Own the Terraform estate across the three repos and the 2-stack-per-env layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with native locking, and OIDC (no static keys).
  • Lead state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv, with backed-up state and zero-destroy plans on stateful resources (Aurora, Redis).
  • Build and operate EKS (toward Auto Mode), GitLab CI (runner-on-EKS), and Argo CD GitOps — Helm, image signing, Kyverno admission, OPA policy decisions.
  • Harden the CI/CD security gate: container/filesystem scanning (Trivy), secret detection (Gitleaks), SBOM + signing, policy-as-code deny-gates, and ECR scan-on-push — wired so a failing gate blocks the merge.
  • Stand up the AWS-native observability stack (CloudWatch/Container Insights, AMP, X-Ray/ADOT, Managed Grafana, Application Signals) with SLOs, alarms-as-code, and a dead-man’s-switch on the alerting path itself.
  • Drive the private-network migration (TGW egress, VPC endpoints, no NAT/IGW) and close FISMA gaps (CloudTrail/Config, Security Hub NIST 800-53, KMS where required, audit-account separation).
  • Review teammates’ IaC and set the standards.
Must-haves
  • Terraform at scale — root vs. child modules, state isolation, for_each/count/dynamic, drift, provider-pin conflicts, and state migration (moved/state mv) without destroying data. Writes modules others reuse. Can explain why workspaces ≠ directory-per-env.
  • Strong AWS cloud engineering — VPC/networking (private subnets, endpoints, TGW), IAM/OIDC, EKS, ECR, ALB/API-GW, and when SSE-S3 vs. KMS-CMK is actually required.
  • EKS you have operated, not just used — node/pod networking, IRSA, admission control, upgrades, troubleshooting a broken rollout.
  • CI/CD security (the “Sec” in DevSecOps): SAST/dependency/container scanning, secret scanning, supply-chain (SBOM, signing), policy-as-code, secrets hygiene. You have made a pipeline block on a finding.
  • Federal compliance fluency — NIST 800-53 / FISMA-Moderate; can map a control family (AU, CM, SC) to an actual implementation.
  • Writes clear PRs and reviews others’ code constructively.
Strongly preferred
  • Observability depth (OpenTelemetry, Prometheus/Grafana, SLO/error-budget design).
  • Prior regulated/federal environment (NOAA/DoD/civilian agency, ATO process), clearance or Public-Trust history.
  • GitLab CI specifically, Argo CD, and Kubernetes runners.

Skills Required

  • Terraform at scale (root vs child modules, state isolation, provider-pinning, for_each/count/dynamic, drift)
  • State migration and state-safe refactors (moved/state mv, zero-destroy plans, backed-up state)
  • Strong AWS cloud engineering (VPC/TGW/endpoints, IAM/OIDC, EKS, ECR, ALB/API Gateway, S3/KMS encryption decisions)
  • Operational EKS experience (node/pod networking, IRSA, admission control, upgrades, rollout troubleshooting)
  • CI/CD security: SAST/dependency/container scanning, secret scanning, SBOM and signing, policy-as-code deny-gates, pipeline blocking on findings
  • Federal compliance fluency (NIST 800-53 / FISMA-Moderate mapping to implementations)
  • Experience with GitLab CI/CD and GitOps delivery (Argo CD, GitOps patterns, Kubernetes runners)
  • Writes clear pull requests and conducts constructive code reviews
  • Observability experience (CloudWatch/Container Insights, AMP, X-Ray/ADOT, Managed Grafana, SLOs, OpenTelemetry/Prometheus/Grafana)
  • Prior regulated/federal environment experience or clearance / Public-Trust history

The Company
HQ: Greenbelt, MD
92 Employees
Year Founded: 2006

What We Do

GAMA-1 is a highly-technical Certified Small Disadvantaged Business with a mature service delivery model. We combine industry and government standards with established GAMA-1 methodologies to develop, engineer, secure, implement, and maintain IT solutions and services. We refine our methods through continuous process improvement and hold International Organization of Standards (ISO) 9001 (Quality), ISO 20000 (ITSM), and ISO 27001 (Security) certifications. We train our staff on IT Infrastructure Library (ITIL) v4 and apply Capability Maturity Model Integration (CMMI) Services Level 3 processes. GAMA-1 is proud to be Certified™ by Great Place to Work® for two consecutive years. This prestigious award is based entirely on what current employees say about their experience working at GAMA-1 Technologies. This year, 97% of employees said it’s a great workplace compared to 57% of typical U.S.-based company employees.
