Kopius is seeking a skilled, hands-on Sr. DevOps Engineer to join their team leading critical cloud security remediation efforts within a complex, multi-account AWS environment. This role involves executing IAM tag fixes, permission right-sizing, and stale-identity/secrets remediation across production pipelines.
Responsibilities:
- IAM Remediation Execution: Perform hands-on tag fixes, permission right-sizing, and stale-identity/secrets remediation across multi-account AWS pipelines
- IAM Policy Management: Design, review, and optimize AWS IAM roles, policies (managed & inline), trust policies, permission boundaries, STS/AssumeRole flows, and Service Control Policies (SCPs)
- Automation & Scripting: Build and maintain automated remediation scripts using Python + boto3, AWS CLI, and Bash to analyze findings and enforce least-privilege at scale
- Infrastructure as Code: Implement and deploy remediations directly into application teams' IaC pipelines using Terraform and/or CloudFormation / AWS CDK — no console fixes
- CI/CD Pipeline Integration: Integrate security controls and remediation workflows into CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins, AWS CodePipeline) with Git-based change management
- Access Analysis & Audit: Leverage CloudTrail log analysis, IAM Access Analyzer, and Access Advisor to determine actual usage patterns and validate or dismiss false positives
- Secrets Remediation: Manage and remediate secrets-related findings using AWS KMS, SSM Parameter Store, and Secrets Manager
- Cross-Team Collaboration: Work directly with application owners, platform teams, and security stakeholders to align on remediation plans and ensure smooth execution without disrupting workloads
- Security Posture Monitoring: Utilize CIEM/cloud security tools (Wiz, Prisma Cloud, AWS Config) to assess posture, track remediation progress, and validate outcomes
- Tagging Strategy: Design and implement enterprise-wide tagging strategies including Attribute-Based Access Control (ABAC) at scale across AWS Organizations
Requirements:
- Must be legally authorized to work in the United States
- Strong written and verbal communication skills, with the ability to present clearly to technical and non-technical audiences
- Self-motivated, quick learner, and adaptable to new technologies and legacy systems
- Thrives in a team environment, actively contributes to collaboration, fostering a sense of community
- Excellent problem-solving and analytical skills, with a keen eye for detail and a proactive approach to issue resolution
- Strong sense of accountability and ownership over deliverables and outcomes
- Ability to translate security findings into actionable remediations and communicate risk clearly to technical and non-technical audiences
- Self-directed operator — able to hit the ground running on a time-bound engagement with minimal ramp
- 3–5+ years of hands-on AWS DevOps or cloud engineering experience with a strong focus on IAM, security remediation, and automation
- Deep, hands-on AWS IAM expertise — roles, policies (managed & inline), trust policies, STS/AssumeRole, access keys, permission boundaries, and SCPs (this is the heart of the role)
- Proven experience managing identity and access across complex multi-account AWS environments and AWS Organizations
- Strong Python + boto3 development skills for building remediation tooling, plus AWS CLI and Bash proficiency
- Hands-on proficiency with Terraform and/or CloudFormation / AWS CDK — critical for pipeline-based remediations
- Practical experience integrating security and IaC workflows into modern CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins, or AWS CodePipeline) with Git-based change management
- Ability to analyze usage data, audit logs, and Access Advisor reports using CloudTrail and IAM Access Analyzer to assess actual permissions usage and validate findings
- Direct experience with account-level SCPs and cross-account role assumptions
- Currently set up as an independent contractor in the U.S. (EIN or SSN, ability to invoice, manage own taxes and insurance)
- Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field (or equivalent professional experience)
- Experience in the insurance industry or other regulated environments
- Hands-on experience with CIEM/cloud security tools (Wiz, Prisma Cloud, AWS Config)