Logo for GAMA-1 Technologies

Senior DevSecOps / AWS Cloud Engineer

Role overview

Qualifications

  • Terraform at scale experience
  • Strong AWS cloud engineering skills
  • Experience operating EKS
  • CI/CD security knowledge

Responsibilities

  • Own the Terraform estate and lead state-safe refactors
  • Build and operate EKS, GitLab CI, and Argo CD GitOps
  • Harden the CI/CD security gate and manage AWS-native observability stack
  • Drive private-network migration and close FISMA gaps

About the company

GAMA-1 Technologies logo

GAMA-1 Technologies

Information Technology & Services

GAMA-1 is a highly-technical Certified Small Disadvantaged Business with a mature service delivery model. We combine industry and government standards with established GAMA-1 methodologies to develop, engineer, secure, implement, and maintain IT solutions and services. We refine our methods through continuous process improvement and hold International Organization of Standards (ISO) 9001 (Quality), ISO 20000 (ITSM), and ISO 27001 (Security) certifications. We train our staff on IT Infrastructure Library (ITIL) v4 and apply Capability Maturity Model Integration (CMMI) Services Level 3 processes. GAMA-1 is proud to be Certified™ by Great Place to Work® for two consecutive years. This prestigious award is based entirely on what current employees say about their experience working at GAMA-1 Technologies. This year, 97% of employees said it’s a great workplace compared to 57% of typical U.S.-based company employees.

Company details

Company typeSME
IndustryInformation Technology & Services
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Role summary

We are seeking a remote Senior DevSecOps Engineer to own and evolve the platform — Terraform, EKS, GitLab CI/CD security gates, GitOps delivery, observability, and FISMA controls — and set the engineering standard for the team. You are the person who catches a backend block in the wrong module before it merges, and who makes the security gate something developers trust rather than route around.

What you’ll do

  • Own the Terraform estate across the three repos and the 2-stack-perenv layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with native locking, and OIDC (no static keys).
  • Lead state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv, with backed-up state and zero-destroy plans on stateful resources (Aurora, Redis).
  • Build and operate EKS (toward Auto Mode), GitLab CI (runner-onEKS), and Argo CD GitOps — Helm, image signing, Kyverno admission, OPA policy decisions.
  • Harden the CI/CD security gate: container/filesystem scanning (Trivy), secret detection (Gitleaks), SBOM + signing, policy-as-code deny-gates, and ECR scan-on-push — wired so a failing gate blocks the merge.
  • Stand up the AWS-native observability stack (CloudWatch /
Container Insights, AMP, X-Ray/ADOT, Managed Grafana, Application Signals) with SLOs, alarms-as-code, and a dead-man’s-switch on the alerting path itself.
Drive the private-network migration (TGW egress, VPC endpoints, no NAT/IGW) and close FISMA gaps (CloudTrail/Config, Security Hub NIST 800-53, KMS where required, audit-account separation).
  • Review teammates’ IaC and set the standards.

Must-haves

  • Terraform at scale — root vs. child modules, state isolation, for_each/count/dynamic, drift, provider-pin conflicts, and state migration (moved/state mv) without destroying data. Writes modules others reuse. Can explain why workspaces ≠ directory-per-env.
  • Strong AWS cloud engineering — VPC/networking (private subnets, endpoints, TGW), IAM/OIDC, EKS, ECR, ALB/API-GW, and when SSE-S3 vs. KMS-CMK is actually required.
  • EKS you have operated, not just used — node/pod networking, IRSA, admission control, upgrades, troubleshooting a broken rollout.
  • CI/CD security (the “Sec” in DevSecOps)
SAST/dependency/container scanning, secret scanning, supply-chain (SBOM, signing), policy-as-code, secrets hygiene. You have made a pipeline block on a finding.
  • Federal compliance fluency — NIST 800-53 / FISMA-Moderate; can map a control family (AU, CM, SC) to an actual implementation.
  • Writes clear PRs and reviews others’ code constructively.

Strongly preferred

  • Observability depth (OpenTelemetry, Prometheus/Grafana, SLO/errorbudget design).
  • Prior regulated/federal environment (NOAA/DoD/civilian agency, ATO process), clearance or Public-Trust history.
  • GitLab CI specifically, Argo CD, and Kubernetes runners.

GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work). For more information click here.

ABOUT GAMA-1

GAMA-1 is a rapidly growing technology business that is based in Greenbelt, Maryland. GAMA-1 Technologies provides strategic information assurance, information security, and business enterprise and networking solutions to the Federal Government. Our success is based on the utilization of industry and agency standards, establishment of standardized processes, and IT Services expertise. At GAMA-1, we believe employees should grow, achieve, and develop just as the company grows, achieves, and develops. GAMA-1 is committed to providing our employees with opportunities for career advancement throughout their employment. For more information, visit www.gama1tech.com

GAMA-1 is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to: veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age, pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship or immigration status, physical or mental disability, genetic information (including testing and characteristics), domestic violence victims, political orientation, status as a smoker or tobacco user, hairstyle, use of a service animal, education status, familial status, HIV/AIDS status, height, weight, reproductive healthcare decisions or any other category protected by federal, state or local law.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Cloud DevOps Engineer Related jobs

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.