Position: Sr. DevSecOps/SRE
Location: 100% Remote
Duration: 6 month contract with possibility to extend
Start: ASAP
Our client is seeking a Senior DevSecOps/Site Reliability Engineer to architect, automate, and operate secure, compliant, and cost-optimized cloud environments for the NBS modernization platform. You will standardize DevSecOps patterns across Azure (AKS) and AWS (EKS), build GitOps workflows with Argo CD, and implement secure CI/CD pipelines with GitHub Actions and Terraform/Helm. This is a hands-on engineering role that defines the golden path for all JMC projects—automating provisioning, enforcing security policies, optimizing costs, and ensuring resilience for HIPAA- and NIST-aligned workloads.
Key Responsibilities
· Design, deploy, and maintain multi-environment AKS and EKS clusters, including node pools, autoscaling, and private networking.
· Standardize Terraform + Helm modules for cross-cloud provisioning, secrets management, and network baselines.
· Build Argo CD App-of-Apps pipelines for environment promotion and policy-based synchronization.
· Create GitHub Actions workflows using OIDC federated identity, including build, scan, sign, SBOM, and deployment stages.
· Implement Azure Defender and AWS Security Hub / Inspector; integrate OPA Gatekeeper or Kyverno for cluster policy enforcement.
· Deploy Azure Monitor, Managed Prometheus/Grafana, and AWS CloudWatch / OpenTelemetry pipelines with shared dashboards.
· Automate right-sizing, spot-pool scaling, and retention policies; create FinOps dashboards and budget alerts.
· Map IaC and CI/CD controls to HIPAA / NIST 800-171 / FedRAMP evidence.
· Write runbooks, disaster-recovery procedures, and reusable templates for developers.
Required Qualifications
· 5+ years in DevOps / SRE roles operating Kubernetes in production.
· Hands-on experience with AKS and EKS, Terraform, Helm, and Argo CD.
· Expertise in GitHub Actions (build/test/scan/deploy) and cloud IAM/OIDC.
· Strong understanding of containerization, networking, autoscaling, and observability.
· Proficiency in scripting (Python, Bash, PowerShell).
· Knowledge of HIPAA, NIST 800-171, or FedRAMP security standards.
US Citizen or Green Card required
Preferred Qualifications
· Experience with both Azure and AWS network/security stacks.
· Familiarity with OPA Gatekeeper, Kyverno, and admission-control policies.
· Working knowledge of FinOps, cost analysis, and infrastructure efficiency.
· Prior work supporting public-health / government cloud programs.
Success Indicators
· Within 90 days: baseline AKS/EKS clusters operational via Terraform + Argo CD.
· Developer onboarding time
· 25–40% reduction in runtime and tooling costs through native integrations and automation.
· Security posture visible and auditable across both clouds.
Core Stack Overview

| Layer | Tools / Services (Azure + AWS) | Notes |
| --- | --- | --- |
| Cloud Platform | Azure (AKS, ACR, Key Vault) / AWS (EKS, ECR, KMS, Secrets Manager) | Private clusters, managed identities |
| IaC / Templates | Terraform + Helm | Shared modules, environment overlays |
| GitOps / CD | Argo CD (App-of-Apps) | Cross-cloud sync, policy gates |
| CI / Build | GitHub Actions + OIDC | SBOM → scan → sign → deploy |
| Security | Azure Defender, Security Hub, OPA/Kyverno | Native first, compliance mapped |
| Observability | Azure Monitor + Prometheus/Grafana / CloudWatch + OpenTelemetry | Unified dashboards |
| DR / Backup | Velero → Azure Blob / S3 | Cross-region restore |
| Cost / FinOps | Native budgets + tagging / cost explorer | Runtime + storage optimization |
| Automation | Python/Bash scripts + GitHub Actions cron jobs | Daily policy/health checks |