Senior DevOps AWS Engineer IRC273728
Description
GL Healthcare Division Program is looking for a DevOps Engineer to join the team focused on FedRAMP certification of a mission-critical medical data processing system.
We have a trustworthy relationship with the Client, a multi-national MedTech corporation we have been cooperating with for 20 years.
Skillset Requirements:
- AWS: EC2, ECS, Lambda, DynamoDB, SSM, IAM, RDS, KMS, VPC, GuardDuty, Security Hub, AWS Config, CloudTrail
- Security Tools: Orca Security (Gov), Tenable One (Gov), CrowdStrike (Gov), Datadog (Gov)
- Hardening: DISA STIG, CIS Benchmarks, container image scanning (e.g., RapidFort)
- Automation: Terraform, CloudFormation, GitHub Actions or similar CI/CD, Ansible (optional)
- SSP Support: Ability to generate technical evidence, screenshots, and system descriptions.
Nice to have:
- FedRAMP Awareness: Experience with FedRAMP Moderate/High controls, boundary isolation, FIPS-validated tools
Job responsibilities
The DevOps Engineer will be responsible for designing, deploying, and hardening AWS GovCloud infrastructure to meet FedRAMP Moderate requirements. This role will work closely with the FORCE team, compliance analysts, and tool vendors to ensure security controls are implemented correctly, documented properly, and ready for 3PAO audit evidence collection. The engineer will also support tool integrations (CSPM, logging, endpoint protection) and enforce secure-by-default configurations using IaC and automation.
Example Responsibilities:
- Provision and configure AWS GovCloud infrastructure using Terraform:
  - Deploy SSM-managed EC2 instances with FIPS mode enabled
  - Set up GovCloud-native services: IAM, VPC, RDS, KMS, S3, Security Hub, GuardDuty
  - Implement least privilege IAM policies and secure networking (NACLs, SGs)
- Support Docker and Windows OS hardening:
  - Integrate container scanning with RapidFort for base image hardening
  - Build EC2 Image Builder pipeline or Ansible-based automation to apply Windows Server 2022 DISA STIGs
  - Validate hardened AMIs and Docker images in LIFENET test environment
- Deploy and validate FedRAMP-required tools:
  - Onboard AWS accounts into Orca Security (Gov)
  - Integrate scanning into CI/CD pipeline for infrastructure and app layers
  - Configure CrowdStrike Falcon (Gov) for endpoint protection and FIM coverage on EC2
- Implement centralized logging and monitoring in GovCloud:
  - Deploy and configure Datadog (GovCloud) to collect OS logs, metrics, and audit events
  - Ensure all services are using FIPS-compliant agents and TLS 1.2+ encryption
  - Integrate with AWS-native logging (CloudTrail, Config, CloudWatch) for full visibility
- Support security control testing and SSP documentation efforts:
  - Assist compliance analyst with generating technical evidence (screenshots, config exports)
  - Validate security control implementations for MFA, encryption in transit/at rest, boundary isolation
  - Document boundary architecture changes and contribute to Coalfire SSP artifact collection.