Key skills
PythonAWSAzureGCPTerraformKubernetesDockerJenkinsGitHub ActionsAnsibleServerlessECSFargateCloudFormationEC2LambdaDynamoDBRDSIAMSNSSQSCodePipelinePrismaPrometheusGrafanaSplunkGitHubLoad BalancingCI/CDNetwork SecurityCloud SecurityZero Trust
About this role
Stand Together is a philanthropic community that helps America’s boldest changemakers tackle the root causes of the country’s biggest problems. They are seeking a highly skilled and security-minded Senior DevSecOps Engineer to design, build, and secure their cloud infrastructure and software delivery pipelines, while embedding security controls into CI/CD processes and driving compliance automation.
Responsibilities:
- Establish and enforce cloud security standards, identity & access management (IAM) policies, and network security controls across AWS and Azure
- Implement continuous compliance and security monitoring aligned to the AWS Well-Architected Framework and industry standards (CIS, NIST, ISO)
- Design automated guardrails for vulnerability management, patching, and secrets management
- Architect and maintain CI/CD pipelines with built-in security testing (SAST/DAST), artifact signing, and policy enforcement
- Develop Infrastructure-as-Code (IaC) using Terraform, CloudFormation, CDK, or Ansible to ensure repeatable, secure deployments
- Build and maintain containerized environments (Docker, Kubernetes, ECS, Fargate) with hardened images and runtime security controls
- Partner with software, data, and business teams to integrate security best practices into application design and deployment
- Act as a trusted advisor on cloud security strategy, incident response, and disaster recovery
- Coach engineers on secure coding, DevSecOps patterns, and operational excellence
- Able to clearly communicate the value of new initiatives to secure cross-functional adoption
- Enthusiasm to contribute to Stand Together's vision and principled approach to solving problems, and a commitment to stewarding our culture, which champions values including transformation and innovation, entrepreneurialism, humility, and respect
Requirements:
- 5+ years in Cloud/DevOps/Platform engineering with a strong focus on security and automation
- Deep knowledge of AWS services (EC2, RDS, DynamoDB, Lambda, SQS/SNS, ECS/ECR, Security Hub, etc.) and equivalent technologies in Azure and GCP
- Strong understanding of IAM, network security, encryption (KMS), key rotation, and secrets management
- Experience with vulnerability scanning tools (e.g., Security Hub, Inspector, Aqua, Prisma, or similar) and compliance frameworks
- Familiarity with container security and supply chain security practices
- Proficiency with Terraform, Ansible, Cloud Development Kit (CDK), or similar
- Demonstrated proficiency in threat detection, log aggregation, and incident response using Splunk and alternative SIEM tools
- Proficiency in Python or another high-level language for automation and custom tooling
- Experience with Jenkins, GitHub Actions, CodePipeline, or similar, plus observability tools (Prometheus, Grafana, ELK/EFK)
- Strong Linux/Unix command-line skills and solid grasp of TCP/IP, DNS, VPNs, firewalls, and load balancing
- AWS Certified Solutions Architect, Security Specialty, or DevOps Engineer - Professional
- Experience with Zero Trust principles, cloud-native application security, or serverless security
- Background in incident response or security operations