DevSecOps/Cloud Engineer
About the role
STS is looking for a DevSecOps / Cloud Engineer to join a federal data engineering team. You will own the deployment infrastructure and security controls for a large-scale federal cloud platform on AWS, keeping mission-critical systems running securely and reliably. A passion for automation, rigorous security discipline, and meticulous compliance with federal deployment standards are prerequisites for this position. This position is contingent upon contract award.

The DevSecOps / Cloud Engineer at STS will:
- Design, build, and maintain the program's CI/CD pipeline using AWS CloudFormation templates and GitHub; automate deployments to staging and production environments ensuring all deployments execute with a single command and trigger AWS Service Catalog product launches to create Lambda functions, SNS topics, and Glue jobs
- Enforce Immutable Architecture principles across all ETL deployments; use deployment tools, CloudWatch logging, and other approved methods to ensure production and configuration environments remain consistent and controllable
- Implement and maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; configure and maintain IAM roles, network controls, and application-layer security controls across development, staging, and production environments
- Integrate automated security scanning into the CI/CD pipeline - including SAST, OWASP ZAP dynamic scanning, dependency analysis, and government-provided container analysis tools - ensuring code delivered to production is free of medium- and high-level vulnerabilities per OWASP ASVS Level 2
- Ensure security scans are completed at least once per sprint and included in the Definition of Done for every user story; document and explain all false positives
- Manage AWS Secrets Manager for ETL metadata database credentials; ensure certificates and credential configurations are valid and accessible across all environments
- Conduct periodic load and performance testing; collaborate with the IV&V team to resolve findings
- Manage the Change Control Board (CCB) submission process; ensure Change Requests are submitted within required timelines and project closeout checklists are completed following successful production deployments
- Support disaster recovery exercises and actual events to ensure production data loads continue as expected; maintain runbooks and operational procedures
- Ensure compliance with FISMA, NIST 800-53, OWASP ASVS Level 2, federal software supply chain security requirements, and the Trusted Internet Connections (TIC) Initiative
- Maintain alignment with agency cloud well-architected principles, S3 standards, and zone-level ingestion rules across all deployed infrastructure
- Provide pre-production support including deployments and data loads in lower environments; maintain the performance metrics dashboard with real-time data
- Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub

Education and Experience:

Required
- Bachelor's degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field
- 4+ years of experience in DevSecOps, cloud engineering, or platform engineering on AWS
- Hands-on experience with AWS CloudFormation, Infrastructure-as-Code deployments, and AWS Service Catalog in a FedRAMP-authorized environment
- Direct experience with AWS services: Lambda, Glue, S3, CloudWatch, Secrets Manager, SNS, SQS, EventBridge, Step Functions, EC2, and EMR
- Experience building and maintaining CI/CD pipelines using GitHub Actions or GitLab CI with branch-based deployment models
- Demonstrated knowledge of Zero Trust Architecture and experience implementing ZTA on AWS per federal mandates
- Experience with OWASP ZAP, SAST tools, dependency analysis, and container security scanning integrated into CI/CD pipelines
- Experience with IAM role management, Secrets Manager credenti