GAMA-1 Technologies

Senior DevSecOps / AWS Cloud Engineer

Posted Yesterday

Greenbelt, MD, USA

In-Office

Senior level

Information Technology • Consulting

The Role

Lead and evolve the cloud platform: own Terraform at scale and state-safe refactors, operate EKS and GitLab CI/CD with GitOps (Argo CD), harden CI/CD security gates (Trivy, Gitleaks, SBOM/signing, policy-as-code), implement AWS-native observability, and close FISMA/NIST 800-53 gaps while reviewing teammates' IaC and setting engineering standards.

Summary Generated by Built In

Role summaryWe are seeking a remote Senior DevSecOps Engineer to own and evolve the platform — Terraform, EKS, GitLab CI/CD security gates, GitOps delivery, observability, and FISMA controls — and set the engineering standard for the team. You are the person who catches a backend block in the wrong module before it merges, and who makes the security gate something developers trust rather than route around.What you’ll do

Own the Terraform estate across the three repos and the 2-stack-perenv layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with native locking, and OIDC (no static keys).
Lead state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv, with backed-up state and zero-destroy plans on stateful resources (Aurora, Redis).
Build and operate EKS (toward Auto Mode), GitLab CI (runner-onEKS), and Argo CD GitOps — Helm, image signing, Kyverno admission, OPA policy decisions.
Harden the CI/CD security gate: container/filesystem scanning (Trivy), secret detection (Gitleaks), SBOM + signing, policy-as-code deny-gates, and ECR scan-on-push — wired so a failing gate blocks the merge.
Stand up the AWS-native observability stack (CloudWatch /

Container Insights, AMP, X-Ray/ADOT, Managed Grafana, Application Signals) with SLOs, alarms-as-code, and a dead-man’s-switch on the alerting path itself.
Drive the private-network migration (TGW egress, VPC endpoints, no NAT/IGW) and close FISMA gaps (CloudTrail/Config, Security Hub NIST 800-53, KMS where required, audit-account separation).

Review teammates’ IaC and set the standards.

Must-haves

Terraform at scale — root vs. child modules, state isolation, for_each/count/dynamic, drift, provider-pin conflicts, and state migration (moved/state mv) without destroying data. Writes modules others reuse. Can explain why workspaces ≠ directory-per-env.
Strong AWS cloud engineering — VPC/networking (private subnets, endpoints, TGW), IAM/OIDC, EKS, ECR, ALB/API-GW, and when SSE-S3 vs. KMS-CMK is actually required.
EKS you have operated, not just used — node/pod networking, IRSA, admission control, upgrades, troubleshooting a broken rollout.
CI/CD security (the “Sec” in DevSecOps) —

SAST/dependency/container scanning, secret scanning, supply-chain (SBOM, signing), policy-as-code, secrets hygiene. You have made a pipeline block on a finding.

Federal compliance fluency — NIST 800-53 / FISMA-Moderate; can map a control family (AU, CM, SC) to an actual implementation.
Writes clear PRs and reviews others’ code constructively.

Strongly preferred

Observability depth (OpenTelemetry, Prometheus/Grafana, SLO/errorbudget design).
Prior regulated/federal environment (NOAA/DoD/civilian agency, ATO process), clearance or Public-Trust history.
GitLab CI specifically, Argo CD, and Kubernetes runners.

Skills Required

Terraform at scale (root vs child modules, state isolation, for_each/count/dynamic, provider-pinning, state migration/moved/state mv)
Strong AWS cloud engineering (VPC/networking including private subnets, endpoints, TGW; IAM/OIDC; EKS; ECR; ALB/API Gateway; SSE-S3 vs KMS-CMK knowledge)
Operate EKS (node/pod networking, IRSA, admission control, upgrades, rollout troubleshooting)
CI/CD security: SAST/dependency/container scanning, secret scanning, SBOM and signing, policy-as-code deny-gates, pipeline blocking on findings
Federal compliance fluency (NIST 800-53 / FISMA-Moderate) and ability to map controls to implementations
Write clear PRs and review others' code constructively
GitOps delivery (Argo CD) and GitLab CI experience (including Kubernetes runners)
Observability experience (OpenTelemetry, Prometheus/Grafana, SLO/error-budget design)
Prior regulated/federal environment experience (ATO process), clearance or Public-Trust history

View all jobs at GAMA-1 Technologies

View GAMA-1 Technologies Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: Greenbelt, MD

92 Employees

Year Founded: 2006

What We Do

GAMA-1 is a highly-technical Certified Small Disadvantaged Business with a mature service delivery model. We combine industry and government standards with established GAMA-1 methodologies to develop, engineer, secure, implement, and maintain IT solutions and services. We refine our methods through continuous process improvement and hold International Organization of Standards (ISO) 9001 (Quality), ISO 20000 (ITSM), and ISO 27001 (Security) certifications. We train our staff on IT Infrastructure Library (ITIL) v4 and apply Capability Maturity Model Integration (CMMI) Services Level 3 processes. GAMA-1 is proud to be Certified™ by Great Place to Work® for two consecutive years. This prestigious award is based entirely on what current employees say about their experience working at GAMA-1 Technologies. This year, 97% of employees said it’s a great workplace compared to 57% of typical U.S.-based company employees.