Kopius is seeking a skilled, hands-on Sr. DevOps Engineer to join our team and lead critical cloud security remediation efforts within a complex, multi-account AWS environment. This role is centered on executing IAM tag fixes, permission right-sizing, and stale-identity/secrets remediation across production pipelines.
Responsibilities:
- IAM Remediation Execution: Perform hands-on tag fixes, permission right-sizing, and stale-identity/secrets remediation across multi-account AWS pipelines
- IAM Policy Management: Design, review, and optimize AWS IAM roles, policies (managed & inline), trust policies, permission boundaries, STS/AssumeRole flows, and Service Control Policies (SCPs)
- Automation & Scripting: Build and maintain automated remediation scripts using Python + boto3, AWS CLI, and Bash to analyze findings and enforce least privilege at scale
- Infrastructure as Code: Implement and deploy remediations directly into application teams' IaC pipelines using Terraform and/or CloudFormation / AWS CDK — no console fixes
- CI/CD Pipeline Integration: Integrate security controls and remediation workflows into CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins, AWS CodePipeline) with Git-based change management
- Access Analysis & Audit: Leverage CloudTrail log analysis, IAM Access Analyzer, and Access Advisor to determine actual usage patterns and validate or dismiss false positives
- Secrets Remediation: Manage and remediate secrets-related findings using AWS KMS, SSM Parameter Store, and Secrets Manager
- Cross-Team Collaboration: Work directly with application owners, platform teams, and security stakeholders to align on remediation plans and ensure smooth execution without disrupting workloads
- Security Posture Monitoring: Utilize CIEM/cloud security tools (e.g., Wiz, Prisma Cloud, AWS Config) to assess posture, track remediation progress, and validate outcomes
- Tagging Strategy: Design and implement enterprise-wide tagging strategies, including Attribute-Based Access Control (ABAC), at scale across AWS Organizations
Requirements:
- 3–5+ years of hands-on AWS DevOps or cloud engineering experience with a strong focus on IAM, security remediation, and automation
- Proven ability to write and maintain production-grade Terraform and/or CloudFormation / CDK code
- Strong Python + boto3 development skills for building remediation tooling; AWS CLI and Bash proficiency
- Direct experience with AWS Organizations, account-level SCPs, and cross-account role assumptions
- Practical experience integrating security and IaC workflows into modern CI/CD pipelines
- Excellent written and verbal English skills; comfortable working daily with U.S.-based engineering and security teams
- Ability to translate security findings into actionable remediations, distinguish true positives from false positives, and communicate risk clearly
- Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field (or equivalent professional experience)