Total Experience: 8+ years
Relevant Experience: 5+ years (min. 2 yrs in lead/architect capacity)
Primary Platform: Amazon Web Services (AWS)
Engagement Type: Enterprise production, multi-region, regulated cloud environments
Required Certification: AWS Certified DevOps Engineer – Associate or Professional (minimum requirement for this senior role)
ABOUT THE ROLE & ORGANISATION
Together with our client, we are building a secure, enterprise-grade AWS platform that supports critical business operations at scale, where reliability, security, and delivery speed directly impact outcomes.
Our DevSecOps team owns the infrastructure lifecycle, including IaC, CI/CD, Kubernetes, observability, security, and developer experience, in close partnership with engineering, security, and operations teams.
ROLE OVERVIEW
The Senior AWS Cloud DevSecOps Engineer owns secure, scalable, and highly available AWS infrastructure, defining standards, reference patterns, and delivery direction for the DevOps team.
The role combines platform engineering, automation, CI/CD, observability, security, and leadership in enterprise, regulated environments to improve reliability, deployment speed, and cloud security.
KEY SKILLS & TECHNOLOGY STACK
Category: Technologies / Tools
Cloud Platform: Amazon Web Services (AWS)
AWS Core Services: EKS, API Gateway, ALB / NLB, CloudFront, VPC, AWS PrivateLink, Secrets Manager, KMS, SQS, SNS, Amazon Kinesis, S3, RDS / Aurora
IaC & Automation: Terraform (modular, remote state, env separation), AWS CDK, Bash, PowerShell, Python
CI/CD: AWS CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, GitLab CI/CD, Jenkins
Containers & K8s: Amazon EKS, Helm, Docker, Fargate, Service Mesh (Istio / Linkerd — advantage), GitOps: ArgoCD / Flux
Observability: Amazon CloudWatch, AWS X-Ray, AWS CloudTrail, OpenSearch / ELK, Datadog / Dynatrace (full-stack APM)
Security & Identity: AWS IAM, IAM Identity Center (SSO), IRSA, Secrets Manager, KMS, AWS Config, Security Hub, GuardDuty, Macie, Inspector, WAF, Shield, Security Groups, VPC Endpoints
Vulnerability Mgmt: AWS Inspector, Qualys, cloud compliance & posture management tooling
Networking: VPC, Subnets, Security Groups, NACLs, Route 53, PrivateLink, Transit Gateway, ALB / NLB, CloudFront
FinOps: AWS Cost Explorer, AWS Budgets, Compute Optimizer, Savings Plans, Reserved Instance planning
KEY RESPONSIBILITIES
Cloud Architecture & Platform Ownership
- Own the AWS DevSecOps roadmap, engineering standards, and reusable reference patterns.
- Design Terraform and AWS CDK modules for production-grade, multi-region infrastructure.
- Govern core AWS services including EKS, API Gateway, ALB/NLB, CloudFront, VPC, PrivateLink, Secrets Manager, KMS, SQS, SNS, and Kinesis.
- Standardise infrastructure, configuration, and environment parity across production, staging, and development.
- Apply FinOps practices using AWS Cost Explorer, Compute Optimizer, Savings Plans, and related tooling.
CI/CD & Delivery Engineering
- Build and operate reusable CI/CD pipelines with AWS CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, GitLab CI/CD, or Jenkins.
- Embed security checks such as SAST, secret scanning, and container image scanning into delivery workflows.
- Use ArgoCD or Flux for declarative, auditable Kubernetes delivery on EKS.
Kubernetes & Container Platform
- Manage Amazon EKS clusters, ingress, autoscaling, Karpenter, and service mesh adoption where applicable.
- Maintain Helm libraries and container build pipelines for multi-environment delivery via Amazon ECR.
- Troubleshoot Kubernetes issues, perform root-cause analysis, and implement scalable fixes.
Observability & Reliability
- Drive observability with CloudWatch, X-Ray, OpenSearch, Datadog, or Dynatrace for tracing, dashboards, SLOs, and alerts.
- Define reliability standards, error budgets, incident response practices, and blameless postmortems.
- Improve reliability and deployment efficiency through proactive monitoring and automated remediation.
Security & Compliance (DevSecOps)
- Embed security across IAM, secrets, encryption, network controls, and CI/CD workflows.
- Manage cloud security posture using IAM Identity Center, IRSA, AWS Config, Security Hub, GuardDuty, Macie, Inspector, WAF, Shield, and VPC Endpoints.
- Support vulnerability remediation, cloud governance, and compliance requirements such as SOC 2, PCI-DSS, HIPAA, or FedRAMP where applicable.
- Resolve compute, storage, IAM, and public access findings as part of ongoing cloud security operations.
Leadership & Collaboration
- Lead and mentor the DevSecOps team while reinforcing ownership, standards, and continuous improvement.
- Partner with engineering, product, security, and business stakeholders to improve developer experience and delivery outcomes.
- Communicate technical trade-offs clearly and maintain practical architecture and platform documentation.
REQUIRED QUALIFICATIONS
- 5+ years in DevOps, Cloud, or SRE, including 2+ years in a lead or architect role.
- Hands-on production AWS experience with EKS, API Gateway, ALB/NLB, CloudFront, VPC, PrivateLink, Secrets Manager, KMS, SQS, SNS, and Kinesis.
- Strong Terraform skills, including modular design, remote state, and environment separation; AWS CDK is a plus.
- Production Kubernetes experience with Amazon EKS, Helm, and containerized applications.
- CI/CD experience with CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, GitLab CI/CD, or Jenkins.
- Strong AWS networking, security, identity, scripting, troubleshooting, and production support skills.
- Experience in enterprise, multi-region AWS environments and ability to explain technical trade-offs to stakeholders.
- AWS Certified DevOps Engineer – Associate or Professional is mandatory.
PREFERRED QUALIFICATIONS
- Exposure to Azure or GCP alongside AWS.
- Experience with GitOps, Datadog/Dynatrace, FinOps, vulnerability management, or service mesh technologies.
- Exposure to regulated, financial services, or global operational environments.
- Graduate or postgraduate degree, or equivalent qualification.
CERTIFICATIONS
Required (Senior Level)
- DOP-C02: AWS Certified DevOps Engineer – Professional (Mandatory — minimum for this role)
- DVA-C02 *: AWS Certified DevOps Engineer – Associate (Accepted with 3+ yrs demonstrated production AWS experience)
Strongly Recommended
- SAA-C03: AWS Certified Solutions Architect – Associate (Core AWS platform breadth)
- SAP-C02: AWS Certified Solutions Architect – Professional (Architect-level depth)
- CKA: Certified Kubernetes Administrator (EKS cluster operations)
Advantageous
- SCS-C02: AWS Certified Security – Specialty (Deep DevSecOps coverage)
- TF-003: HashiCorp Terraform Associate / Professional (IaC best practices)
- CKAD: Certified Kubernetes Application Developer (Complementary to CKA)
- Datadog / Dynatrace Professional Certification (Observability depth)
- GitLab / GitHub Actions Certified CI/CD Professional (Pipeline expertise)