Important note Our budget is $ 15-$18/hr exp- 5 years plus Time zone - 2 hours over lap in morning CST time zone ( 9 am -11:00 am ) monthly hours : 40 -50 hours per month Core Responsibilities 1️⃣ CI/CD & Deployment Ownership Design and maintain GitHub Actions workflows Automate Docker builds and ECR publishing Implement branch-based environment promotion (dev → QA → UAT → prod) Enforce production approval gates Implement rollback and health-check strategies Ensure zero manual production deployments Maintain full change traceability for audit purposes 2️⃣ Multi-Environment AWS Architecture Design secure, isolated environments: Strong segregation between dev, QA, UAT, and prod Separate Terraform state per environment Environment-specific secrets and databases Least-privilege IAM design Secure networking (VPC segmentation, private subnets) Controlled production access Ensure dev agility without compromising production integrity. 3️⃣ Infrastructure as Code (Terraform) Modular Terraform structure Remote state management (S3 + DynamoDB) CI-enforced plan/apply workflows Infrastructure change logging Version-controlled, reproducible environments Clear documentation of architecture 4️⃣ Logging, Monitoring & Audit Readiness Centralized structured log aggregation Log retention aligned with ISO 27001 CloudTrail and infrastructure activity monitoring Alerting for security and operational anomalies Access control for log visibility Deployment event logging Environment-level monitoring dashboards Logs must support forensic investigation and compliance evidence. 5️⃣ Security & Compliance Controls Implement technical controls aligned with ISO 27001 and future SOC 2: Least-privilege IAM enforcement MFA and access governance Secrets management and rotation strategy Encryption in transit and at rest Secure SDLC enforcement in CI/CD Dependency and container vulnerability scanning Backup and restore validation Infrastructure access auditing Change management enforcement Bonus Skill: Security Engineering Mindset The ideal candidate will also have strong cybersecurity fundamentals and be able to advise on: Secure service-to-service communication patterns API authentication and authorization boundaries Network segmentation strategy Zero-trust architecture concepts Threat modeling at the infrastructure layer Minimizing blast radius between services Secure secret exchange between services Audit trail integrity This role should be capable of acting as a security thought partner when designing how backend services communicate and how infrastructure enforces trust boundaries. Formal security engineering experience or certifications (e.g., CISSP, security-focused cloud certifications) are a strong plus but not required. Required Experience 6+ years in cloud infrastructure or DevOps engineering Deep AWS production experience Strong Terraform expertise CI/CD architecture design (GitHub Actions preferred) Experience securing infrastructure in financial or regulated environments Strong IAM and cloud security knowledge Experience designing multi-environment production systems Preferred / Bonus Experience Cybersecurity background or security engineering exposure Experience with threat modeling Experience implementing ISO 27001 or SOC 2 controls Experience with compliance automation platforms (e.g., Drata)