DevSecOps / Cloud Security Engineer

Project Overview:

The purpose of this is to procure qualified resource to design, implement, and enhance the State of Missouri's enterprise cloud security capabilities across multi-cloud environments. This includes advancing security architecture, automation, governance, and compliance to protect State data and systems. This engagement will support the development of scalable, policy-driven security solutions, including Infrastructure as Code (IaC), DevSecOps integration, identity and access management, and centralized monitoring. Additionally, this effort will strengthen enterprise security governance, including the establishment and enforcement of controls related to artificial intelligence (AI), automated decision-making systems, and emerging technologies.

Core Responsibilities

Infrastructure as Code (IaC)

• Build Terraform modules and reusable IaC templates
• Implement policy-driven infrastructure deployment standards
• Maintain secure and compliant cloud deployment automation

Security Automation

• Develop security automation scripts and workflows
• Build event-driven incident response automation
• Support orchestration and remediation workflows

DevSecOps & CI/CD Security

• Integrate security tools into CI/CD pipelines
• Implement vulnerability scanning and compliance validation
• Support automated DevSecOps processes

Monitoring & Alerting

• Implement logging, monitoring, and alerting solutions
• Support unified observability capabilities
• Configure cloud-native monitoring tools

Documentation & Operational Support

• Create technical implementation documentation
• Support operational runbooks
• Participate in knowledge transfer sessions
• Provide weekly/monthly status reporting

Top Skills:

• IAM
• Terraform
• Automation
• Monitoring
• DevSecOps
• Multi-cloud security

Experience Requirements

• 3+ years hands-on cloud security experience
• Experience with AWS, Azure, or GCP

5+ years' experience with:

• Terraform or equivalent IaC tools
• Network security
• Logging, monitoring, and alerting
• IAM implementation
• Strongly Evaluated Skills

Skills

Candidate Experience (Years)

Notes

Hands-on Cloud Security Experience (Required 3+ Years)

AWS / Azure / GCP Security

Terraform / CloudFormation / Infrastructure as Code (IaC) (Required 5+ Years)

CI/CD Security Integration

Security Automation Scripts & Workflows

IAM Configuration & Access Controls (Required 5+ Years)

Monitoring, Logging & Alerting Solutions (Required 5+ Years)

Security Scanning & Compliance Validation

Secure Cloud Networking / Network Security (Required 5+ Years)

Configuration Baselines & Policy-as-Code

Automated Incident Response & Remediation

Python / Bash / PowerShell Scripting

Security Tool Integration into CI/CD Pipelines

CSPM Platforms

AI/ML Security & Governance Exposure

Technical Documentation & Knowledge Transfer

Government / State Cloud Experience

AWS / Azure / GCP Certifications