AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates who will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
As a DevSecOps Engineer, you will work closely with our platform and application engineers to build out robust, secure AWS environments. You won't just be maintaining pipelines; you will be architecting foundational Terraform modules, enforcing strict IAM and network security baselines, and building observability tools to catch security violations before they become incidents.
You will also play a critical role in standardizing our software development life cycle (SDLC) and optimizing developer tooling, including configuring agentic workflow standards for AI-assisted development.
Responsibilities
Infrastructure as Code (IaC): Architect, deploy, and maintain complex AWS environments using Terraform. Consolidate and manage Terraform state files, module composition, and cross-stack resource references.
Security Engineering & IAM: Enforce least-privilege IAM policies, manage strict Security Group routing, and implement defense-in-depth security features (e.g., CloudFront WAF Web ACLs, Content Security Policy (CSP) violation reporting endpoints).
CI/CD & Automation: Design and optimize GitHub Actions workflows for continuous integration and continuous deployment. Manage complex build pipelines for serverless architectures (Python/Lambda) and frontend single-page applications.
Observability & Incident Response: Build CloudWatch dashboards, configure metric filters, and set up automated alerting for operational and security events. Author comprehensive deployment guides, operational runbooks, and disaster recovery processes.
Developer Enablement: Establish and maintain SDLC standards. Optimize local developer environments and AI-assisted tooling configs (e.g., Cursor rules, dev containers) to reduce token overhead and enforce secure coding practices.
Qualifications
Experience: 5+ years in DevOps, Cloud Engineering, or DevSecOps roles.
Cloud Platform: Deep expertise in AWS, specifically with serverless computing (Lambda, API Gateway), networking/routing (CloudFront, WAF, VPCs), and event-driven architecture (EventBridge).
Infrastructure as Code: Advanced proficiency with Terraform. You should be comfortable managing complex state migrations, module extractions, and zero-drift deployments.
Security-First Mindset: Strong understanding of AWS IAM (custom policies, service roles, boundary policies), network security, and application-layer protections like WAF and CSP headers.
CI/CD Tooling: Extensive experience building declarative pipelines using GitHub Actions, including custom composite actions and build artifact management.
Scripting/Languages: Strong scripting skills in Bash and Python. Experience managing Python dependencies (e.g., uv, pip) for serverless packaging.