DevSecOps/Cloud Engineer

At Simple Technology Solutions, our people are our priority. We know our team members are more than employees—they’re parents, friends, volunteers, artists, and athletes. That’s why we offer flexibility to help them thrive personally and professionally while delivering exceptional solutions to our Federal Government clients.

Our culture is built on collaboration, continuous learning, and excellence. We are mentors and thought leaders who share knowledge and foster growth. Recognized as a “Best Place to Work,” we believe a range of perspectives helps us drive innovation and exceed customer expectations. At STS, taking care of our people isn’t a perk—it’s the standard.

As a HUBZone company, we also offer special incentives for team members living in qualified HUBZones. Check out the HUBZone map HERE to see if you qualify!

Simple Technology Solutions is looking for a DevSecOps/Cloud Engineer to add to our team.

Quick Position Overview:

• US Citizenship is required
• Bachelor's Degree is required
• minimum of 4 years' position related experience is required

The Role: 

STS is looking for a DevSecOps / Cloud Engineer to join a federal data engineering team. You will own the deployment infrastructure and security controls for a large-scale federal cloud platform on AWS, keeping mission-critical systems running securely and reliably. A passion for automation, rigorous security discipline, and meticulous compliance with federal deployment standards are prerequisites for this position. 

This position is contingent upon contract award. 

The DevSecOps / Cloud Engineer at STS will: 

• Design, build, and maintain the program's CICD pipeline using AWS CloudFormation templates and GitHub; automate deployments to staging and production environments ensuring all deployments execute with a single command and trigger AWS Service Catalog product launches to create Lambda functions, SNS topics, and Glue jobs 

• Enforce Immutable Architecture principles across all ETL deployments; use deployment tools, CloudWatch logging, and other approved methods to ensure production and configuration environments remain consistent and controllable 

• Implement and maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; configure and maintain IAM roles, network controls, and application-layer security controls across development, staging, and production environments 

• Integrate automated security scanning into the CICD pipeline — including SAST, OWASP ZAP dynamic scanning, dependency analysis, and government-provided container analysis tools — ensuring code delivered to production is free of medium- and high-level vulnerabilities per OWASP ASVS Level 2 

• Ensure security scans are completed at least once per sprint and included in the Definition of Done for every user story; document and explain all false positives 

• Manage AWS Secrets Manager for ETL metadata database credentials; ensure certificates and credential configurations are valid and accessible across all environments 

• Conduct periodic load and performance testing; collaborate with the IV&V team to resolve findings 

• Manage the Change Control Board (CCB) submission process; ensure Change Requests are submitted within required timelines and project closeout checklists are completed following successful production deployments 

• Support disaster recovery exercises and actual events to ensure production data loads continue as expected; maintain runbooks and operational procedures 

• Ensure compliance with FISMA, NIST 800-53, OWASP ASVS Level 2, federal software supply chain security requirements, and the Trusted Internet Connections (TIC) Initiative 

• Maintain alignment with agency cloud well-architected principles, S3 standards, and zone-level ingestion rules across all deployed infrastructure 

• Provide pre-production support including deployments and data loads in lower environments; maintain the performance metrics dashboard with real-time data 

• Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub 

 

Education and Experience: 

 

Required 

 

• Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field 

• 4+ years of experience in DevSecOps, cloud engineering, or platform engineering on AWS 

• Hands-on experience with AWS CloudFormation, Infrastructure-as-Code deployments, and AWS Service Catalog in a FedRAMP-authorized environment 

• Direct experience with AWS services: Lambda, Glue, S3, CloudWatch, Secrets Manager, SNS, SQS, EventBridge, Step Functions, EC2, and EMR 

• Experience building and maintaining CI/CD pipelines using GitHub Actions or GitLab CI with branch-based deployment models 

• Demonstrated knowledge of Zero Trust Architecture and experience implementing ZTA on AWS per federal mandates 

• Experience with OWASP ZAP, SAST tools, dependency analysis, and container security scanning integrated into CI/CD pipelines 

• Experience with IAM role management, Secrets Manager credential patterns, and certificate management across multi-environment setups 

• Knowledge of FISMA, NIST 800-53, and the federal SDLC/ATO process; federal agency experience strongly preferred 

• Familiarity with Immutable Architecture principles and single-command deployment standards 

• Experience with agile sprint-based delivery, JIRA, GitHub, and CCB process management 

• Must be able to work 8am-5pm Eastern Time regardless of home location; availability for on-call rotation required 

• Active federal public trust suitability determination or ability to obtain one required