Senior AWS DevSecOps Engineer

AppRecode · djinni · Senior · $$$ · Part-time · European countries and Ukraine
About the project
We're working on an enterprise-scale Cyber Recovery Environment in AWS — built to protect critical workloads from ransomware and destructive attacks. Think highly isolated cloud architecture, immutable storage, fail-closed security, and automated access controls. Everything is scoped to NIST 800-53 Moderate, with a full audit-ready evidence package ready at go-live.

The role
You'll be the person who owns security controls — from design to validation to ongoing review — with everything implemented as code. It's a part-time engagement (~20 hrs/week) with a predictable twice-weekly review cadence covering infrastructure, IAM, encryption, and serverless automation. You'll work closely with GRC, SOC, and Cloud/DevOps teams, so communication matters as much as technical depth here.

What you'll be doing
Designing and implementing security controls against NIST 800-53 Moderate — tailoring them to the environment and mapping inheritance across layers
Running regular security reviews of Terraform and IaC changes, keeping a clean findings log and tracking remediations
Reviewing and shaping IAM policies, SCPs, and access models across a multi-account AWS setup
Designing and validating KMS encryption — key policies, rotation schedules, and cross-account access patterns
Reviewing and improving serverless automation — replication windows, access controls, and security boundaries
Making sure logging, monitoring, and threat detection are properly configured end-to-end
Validating the fail-closed model — access restrictions, automated controls, and break-glass procedures
Keeping the Control Traceability Matrix up to date and putting together audit evidence packages in immutable storage
Supporting SIEM integration, tuning detection rules, writing runbooks, and helping internal teams get up to speed

What we're looking for
5+ years in AWS Security or DevSecOps engineering
Solid, hands-on Terraform experience — you know what to look for in an IaC security review
Real familiarity with NIST 800-53 Rev. 5 and what it actually takes to pass an audit
Deep knowledge of IAM, Identity Center, SCPs, and multi-account AWS architecture
Strong background in KMS and encryption design
Hands-on with AWS security and monitoring services — logging, config, threat detection
Experience validating automated, fail-closed security architectures
Comfortable writing Python and/or Bash
Clear communicator — you document things well and can explain security decisions to non-security people

Nice to have
Cyber recovery / immutable storage
S3 Object Lock
Security Hub · Macie · Inspector · Access Analyzer
AWS Solutions Architect Pro / DevOps Pro
SOC 2 · PCI-DSS · HIPAA
SIEM integration experience

What AppRecode offers
20 days of paid annual leave plus public holidays.
5 paid sick days per year.
Remote-first work environment.
Friendly and supportive team culture.
Personal development plans and access to experienced mentors and technical leaders.
Reimbursement for sports activities and professional certifications (after probation).
Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
Free English classes if you want to further improve your communication skills.