• Architect and scale robust, secure CI/CD pipelines, data integrations, and Infrastructure as Code (IaC) across project-based deployments. • Partner with development teams to seamlessly integrate, automate, and monitor security tool components within automated workflows. • Define guidelines and standards for AWS Cloud and Kubernetes environments, implementing advanced solutions for system security, backups, and redundancy. • Champion DevSecOps culture by mentoring junior/mid-level engineers, educating teams on modern tooling, and resolving complex configuration or performance issues. • Leverage Generative AI engineering tools (such as Claude, Gemini, Copilot) to accelerate the development of Infrastructure as Code (IaC), pipeline scripts, and automation workflows. • Optimize cloud infrastructure and container ecosystems to ensure cost-efficiency, scalability, and strict adherence to governance standards. • Drive engineering excellence by guiding the preparation of comprehensive technical documentation, processes, and procedures.

Role Description The DevOps Engineer is responsible for designing, implementing, and maintaining AWS cloud infrastructure, deployment automation, CI/CD pipelines, and operational reliability capabilities supporting the NexusNow multi-tenant SaaS hosting platform and its expanding product portfolio (such as Sentinel, DRIFT, Line Boss / xPlorate, and VELMA / Legal). This role will work closely with engineering, architecture, and operations teams to improve multi-tenant deployment velocity, infrastructure scalability, platform observability, and rigid tenant isolation safety boundaries. Key Responsibilities - Design, configure, and manage high-availability AWS cloud infrastructure (VPC layouts spanning 3 AZs with segregated public, application, and data tiers) using Infrastructure-as-Code (IaC) best practices. - Build and maintain scalable CI/CD pipelines supporting automated multi-tenant deployment workflows and immutable release paths. - Configure and manage AWS networking, egress-only NAT gateways, private EKS API endpoints, identity/access management (CASL architecture), and environment configuration. - Support AWS deployment automation, logging, alerting, and operational readiness, explicitly monitoring threat vectors emitted to Amazon CloudWatch and CloudTrail. - Partner with engineering teams to optimize the velocity and stability of application onboarding cycles (e.g., standardizing patterns learned during the VELMA / Legal launch). - Troubleshoot complex infrastructure, deployment, cross-tier networking, and multi-tenant isolation configuration anomalies. - Support automated data protection operations, verifying 30-day credential rotations via AWS Secrets Manager and automated snapshots within an isolated AWS Backup vault. - Contribute to core platform standards, compiling detailed operational runbooks to convert tribal knowledge into repeatable assets. - Participate in agile ceremonies including standups, backlog refinement, and retrospectives. - Enforce security and compliance requirements (e.g., SOC2 metrics) across all staging, performance, and production environments. Qualifications - Extensive (5+ years) hands-on experience in engineering, scaling, and debugging enterprise AWS infrastructure platforms. - Deep expertise with AWS CDK, Terraform, or CloudFormation templates, with a mandatory emphasis on using CDK to maintain modular cloud architectures. - Advanced experience building and maintaining automated deployment code workflows (specifically via GitHub Actions). - Mastery across AWS services powering multi-tenant frameworks, explicitly including: Amazon Cognito (multi-pool structures), Amazon Aurora PostgreSQL, Redis/ElastiCache, Amazon S3, CloudFront/AWS WAF, CloudWatch, EventBridge/SQS/Step Functions, and AWS Secrets Manager. - Solid understanding of multi-tenant security strategies, policy-based access layers (RBAC/ABAC), and network boundary definitions. - Experience tracing and debugging errors across heavily decoupled cloud systems and microservices. Nice to Have Skills - Experience in engineering enterprise-scale multi-tenant SaaS cloud platform hosting models. - Experience supporting containerized and serverless AWS workloads, with emphasis on Amazon EKS on Fargate running inside isolated private subnets. - Prior exposure to developer enablement practices and building automated onboarding templates to abstract platform complexity. - Experience maintaining infrastructure inside tightly audited, regulated, or security-sensitive environments (SOC2 alignment). Soft Skills - The ability to understand the daily frustrations of application development teams and approach infrastructure as a service that enables—rather than blocks—their engineering velocity. - Maintains extreme clarity, calm focus, and structured communication during high-pressure platform outages or deployment rollbacks before escalating to Slalom’s Incident Command. - Possesses the open, friction-free communication style needed to pair directly with the Brazil team (OE) to absorb complex cloud infrastructure topologies and code patterns.

Role Description This role is remote and can be worked from any US location, though preference is eastern time zone. The Cisco Secure Workload team is at the forefront of data center and cloud security. Our platform provides comprehensive, automated, policy-based security for multi-cloud environments, delivering deep visibility, micro-segmentation, and advanced threat detection. By leveraging sophisticated analytics and machine learning, we empower organizations to protect their workloads, ensuring compliance and operational resilience within increasingly complex, distributed infrastructures. Your Impact: - As a Senior Security Engineering & Compliance Lead, you will bridge the gap between technical infrastructure and regulatory rigor. - You will manage the implementation of security frameworks (SOC, ISO, NIST, etc) with automated compliance pipelines, hardened identity systems, and risk-mitigation strategies. - This role is for a hands-on engineer who views compliance as a technical problem to be solved through automation, robust system design, and proactive threat engineering. Engineering Compliance & Audit Automation - Architect Compliance-as-Code: Design and implement automated controls to satisfy security compliance requirements, reducing manual evidence collection through system integration. - Audit Readiness Engineering: Conduct technical gap assessments of infrastructure and applications; design remediation plans that integrate directly into the CI/CD pipeline. - Evidence Orchestration: Build and maintain automated data pipelines to provide real-time visibility into control effectiveness for auditors and stakeholders. Security Operations & Incident Engineering - Detection Engineering: Oversee security alert queues, prioritizing high-severity risks and engineering automated response playbooks to resolve incidents. - Incident Simulation: Facilitate and document technical incident response tabletop exercises, using the findings to engineer more resilient system architectures and automated recovery processes. - Documentation as Code: Maintain technical documentation and incident logs that serve as the "source of truth" for audit requirements. Identity & Access Engineering (IAM) - IAM Hardening: Engineer and enforce automated user access reviews and segregation-of-duties (SoD) testing. - Privileged Access Management (PAM): Audit and optimize privileged account controls, implementing technical guardrails to minimize the blast radius of unauthorized access. Risk & Vulnerability Engineering - Vulnerability Lifecycle Management: Perform deep-dive vulnerability analyses on enterprise infrastructure; engineer automated patch management and configuration hardening workflows. - Risk-Based Prioritization: Quantify business impact through technical risk assessments, collaborating with engineering teams to implement corrective technical controls rather than just policy-based fixes. Qualifications - Bachelor’s degree in Computer Science, Cybersecurity, or related technical field with 8+ years of experience; or a Master’s degree with 6+ years. - Experience with security engineering in cloud-native environments (AWS/Azure/GCP) and infrastructure-as-code (Terraform/Ansible). - Experience working with technical security controls and regulated compliance frameworks such as SOC, ISO, etc. Requirements - Python, Go, or Bash scripting/programming for security automation or log analysis. - Hands-on experience building "Compliance-as-Code" solutions. - Certifications such as CCSP, CCSK, OSCP, cloud or security specific certifications. - Experience with SIEM/SOAR engineering and automated incident response orchestration. - Strong understanding of zero trust architecture and micro-segmentation engineering. Benefits - Medical, dental and vision insurance. - 401(k) plan with a Cisco matching contribution. - Paid parental leave. - Short and long-term disability coverage. - Basic life insurance. - 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees. - 1 paid day off for employee’s birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco. - 16 days of paid vacation time per full calendar year for non-exempt employees. - Flexible vacation time off program for exempt employees. - 80 hours of sick time off provided on hire date and each January 1st thereafter. - Optional 10 paid days per full calendar year to volunteer.

• Collaborate with Cyber teams to maintain and monitor system availability, performance, and logs using enterprise tools • Leverage industry standards to build out automation workflows • Travel up to 10% (domestic) to other RTX locations