Position Summary
The Simple VUE (TSV) is seeking a DevOps Engineer to own the build, automation, and security posture of the secure cloud platforms we deliver for government and public-sector clients. Many of these environments handle sensitive, regulated data, so security is not a feature of this role — it is the role.
Our platforms run in secure AWS cloud environments and are built on modern application stacks, with the expectation that the client can self-manage the environment after delivery. The DevOps Engineer is responsible for ensuring that everything provisioned, deployed, monitored, and recovered meets CJIS, NIST 800-53, and other applicable security frameworks — and that those controls are documented and repeatable so the client inherits a hardened, auditable environment at handoff.
Security & Compliance — Core to This Role
We are specifically looking for an engineer with hands-on experience building and operating environments under criminal-justice and federal security frameworks. This is the most important qualification for the position. Candidates should demonstrate direct, practical experience with:
- CJIS Security Policy — Configuring and operating cloud environments to meet the FBI CJIS Security Policy: advanced authentication / MFA, audit and accountability, encryption requirements, personnel security, media protection, and incident response — ideally in an AWS context.
- NIST 800-53 (Moderate baseline) — Implementing, documenting, and evidencing NIST 800-53 controls, and supporting System Security Plans (SSPs) and security assessments that can be produced on demand.
- Data residency & access control — Keeping regulated data within the required jurisdiction, restricting access to eligible personnel, and enforcing role-based access control (RBAC), least privilege, and SSO/MFA across environments.
- Encryption & secrets management — AES-256 encryption at rest and TLS 1.2+ in transit; centralized secrets management with rotation; and key management using cloud-native services.
- Incident response — Supporting an incident-response process capable of meeting contractual breach-notification timelines, with defined escalation and forensics-friendly logging.
- Continuous security validation — Embedding SAST, dependency and container image scanning, and DAST into the pipeline; supporting periodic compliance audits and vulnerability assessments and remediating findings.
Key Responsibilities
- Provision and maintain development, staging, and production AWS environments using Infrastructure as Code, built for client self-management after delivery.
- Design and operate CI/CD pipelines with integrated security scanning and production releases gated behind manual approval.
- Implement structured logging, monitoring, alerting, and threat detection that support audit and data-retention requirements.
- Build and test disaster recovery and backup solutions to defined RPO/RTO targets, with documented runbooks.
- Support secure integrations with enterprise and third-party systems via APIs.
- Produce architecture and operations documentation and support knowledge transfer for client self-sufficiency after handoff.
Required Qualifications
- 7+ years of DevOps / cloud engineering experience, including 5+ years of hands-on AWS engineering — ideally delivering and operating systems in secure or regulated environments.
- Prior experience on CJIS-regulated or government / public-sector engagements.
- Proven, hands-on experience implementing CJIS and NIST 800-53 controls in a cloud environment — not just awareness, but practical configuration and documentation/evidence experience.
- Strong AWS engineering background: IaC, compute, load balancing, managed databases, storage, VPC networking, monitoring/threat detection, key management, secrets management, and DR tooling.
- Experience designing and operating CI/CD pipelines with integrated security scanning (SAST, container/image scanning, and DAST).
- Practical experience implementing encryption (AES-256 at rest, TLS 1.2+ in transit), SSO/MFA, and RBAC / least-privilege access models.
- Experience building disaster recovery and backup solutions to defined RPO/RTO targets, with tested runbooks.
- Familiarity supporting modern application stacks in a deployment and operations capacity.
- Excellent documentation skills and the ability to produce audit-ready artifacts and operations runbooks.
Eligibility & Work Conditions
- Must be a U.S. Citizen or Lawful U.S. Permanent Resident
- Must be able to complete and maintain CJIS-related background screening (e.g., fingerprint-based state and federal checks).
- Must work 100% onshore within U.S. jurisdiction
- Must be available during standard U.S. business hours to support project and client needs.
Preferred Qualifications & Certifications
Preferred Certifications
- AWS Certified DevOps Engineer or AWS Certified Solutions Architect.
- AWS Certified Security – Specialty.
Additional Certifications (Optional / a Plus)
- CompTIA Security+.
- (ISC)² CISSP or CCSP.
- Other security or compliance certifications commonly seen in CJIS / public-sector contexts.
Preferred Experience
- Experience operating within managed AWS accounts and handing environments off to a client for self-management.
- Familiarity with container orchestration, mobile device management (MDM), and BI/reporting deployment in a Microsoft-oriented estate.
Pay: $107,066.31 - $128,940.07 per year
Benefits:
Application Question(s):
- How many years of hands-on AWS engineering experience do you have?
- How many years of DevOps or cloud engineering experience do you have overall?
- Do you have hands-on experience implementing CJIS and/or NIST 800-53 security controls in a cloud environment?
- Are you a U.S. Citizen or Lawful U.S. Permanent Resident, and able to work 100% onshore within the United States?
- Are you able to pass a fingerprint-based state and federal (CJIS) background check?
Work Location: Remote
