Senior DevSecOps Engineer

About AccuSourceHR

AccuSourceHR™ is a full-service employment screening organization headquartered in Phoenix, Arizona. Since 1999, we've combined innovative technology with high-quality, US-based client care. Our culture is built on collaboration, continuous learning, and a commitment to excellence, ensuring our team members feel valued, supported, and empowered.

Role Summary

Why this role matters

We acquired a production .NET platform currently running on Azure. Now we're migrating it to AWS — and using the move to raise the bar on security, reliability, cost control, and developer speed. This is a high-ownership role: you’ll define the target AWS architecture, build the landing zone, design the migration plan, and lead the cutover — ending with a platform that’s easier to operate, scale, and improve.

What you’ll own

• Azure to AWS migration (end-to-end)Inventory Azure services, map dependencies, and identify Azure-specific components (Service Bus/queues, Blob Storage, Key Vault, App Configuration, Azure AD/Entra, App Services patterns).Produce a phased migration plan with sequencing, risks, rollback paths, and success criteria.Move containerized .NET/ASP.NET APIs to AWS ECS on Fargate using blue/green or canary rollouts; make deliberate calls on Windows vs Linux containers.Migrate relational data to Amazon RDS (SQL Server and/or MySQL/Aurora) with integrity validation, performance baselines, and downtime-minimizing cutover (AWS DMS or equivalent where it fits).Replace Azure messaging/eventing with SQS/SNS/EventBridge, including retries, DLQs, idempotency, and replay.Migrate secrets/config to AWS Secrets Manager and SSM Parameter Store with tight access controls and an operational rotation plan.Lead cutover and stabilization, then decommission Azure cleanly and document the final state.
• AWS landing zone, security, and guardrailsBuild a secure AWS landing zone: multi-account structure (AWS Organizations, SCPs), IAM least privilege, VPC/networking, shared services, centralized audit logging.Implement core security/governance: CloudTrail, Config, GuardDuty, Security Hub, KMS, Secrets Manager, and WAF where needed.Define standards for prod/non-prod separation, access patterns, encryption-by-default, centralized logging, and audit-ready trails.Add practical policy-as-code/guardrails so teams ship fast without bypassing controls.Partner with Security/Compliance on readiness for SOC 2 and applicable HR-tech requirements (e.g., FCRA/CCPA), focused on engineering controls and automated evidence—not paperwork.
• CI/CD and Infrastructure as Code (fast, repeatable, secure)Own GitHub repo standards and CI/CD via GitHub Actions for build/test/scan/deploy to ECS/Fargate.Use OIDC to AWS and minimize long-lived credentials; enforce least privilege for pipelines.Define infrastructure as code using Terraform (preferred) or CloudFormation/CDK: networking, ECS services, RDS, messaging, IAM, alarms, dashboards, security controls.Create reusable modules/patterns teams can adopt safely and consistently.Support .NET pipeline needs: dotnet CLI/MSBuild, NuGet, secure environment-specific configuration injection.Embed security by default: SAST, dependency scanning, container scanning, SBOMs where appropriate.
• Observability, incident readiness, and reliabilityImplement observability with CloudWatch (logs/metrics/alarms/dashboards) plus tracing (OpenTelemetry/X-Ray) for APIs and background workloads.Define SLIs/SLOs and build actionable alerts (clear thresholds, routing, runbooks); reduce noise over time.Establish incident readiness: on-call patterns, runbooks, post-incident reviews; improve MTTD/MTTR.Partner with engineers to bake in reliability (timeouts, retries, backpressure, capacity limits).
• Cost governance (FinOps)Implement cost visibility: tagging, budgets, anomaly detection, cost allocation by environment/service.Reduce spend via rightsizing/autoscaling, storage lifecycle policies, and logging/metrics retention tuning.Deliver measurable savings with before/after baselines—without reliability regressions.
• AI-enabled productivity (practical)Introduce AI-assisted workflows for delivery and ops (CI feedback summaries, runbook drafting, incident timelines, faster log/metric analysis) with security/privacy guardrails.Nice-to-have: experience enabling Amazon Bedrock with secure patterns, observability, and cost controls.

Requirements

Target StackAWS, Azure, Azure to AWS, Cloud Migration, Landing Zone, AWS Organizations, SCPs, VPC, IAM, .NET, ASP.NET Core, C#, REST APIs, Docker, Containers, ECS, Fargate, ECR, ALB, API Gateway, RDS, SQL Server, MySQL, Aurora, S3, SQS, SNS, EventBridge, Terraform, Infrastructure as Code, GitHub, GitHub Actions, OIDC, CI/CD, DevSecOps, Platform Engineering, SRE, SLIs/SLOs, CloudWatch, OpenTelemetry, X-Ray, KMS, Secrets Manager, WAF, GuardDuty, Security Hub, CloudTrail, AWS Config, FinOps, Cost Optimization, Incident Response, SOC 2, FCRA, CCPA.

Basic qualifications (must-haves)

• 7+ years in DevOps, Platform Engineering, SRE, or DevSecOps supporting production systems.
• Strong hands-on AWS experience across networking, IAM, compute, storage, and observability.
• Proven ownership of a significant cloud migration with production cutover responsibility (Azure to AWS strongly preferred).
• Solid experience running containers in production; ECS/Fargate experience is a strong plus.
• Strong Infrastructure as Code experience, preferably Terraform.
• CI/CD experience with GitHub Actions (or equivalent), secure pipeline patterns, and automated testing.
• Working understanding of .NET/ASP.NET runtime and deployment considerations.
• Strong fundamentals in secrets management, encryption, and least-privilege access.

Preferred qualifications (nice-to-haves)

• Hands-on experience migrating/operating Amazon RDS (SQL Server/MySQL/Aurora): backup/restore, failover, performance tuning.
• Messaging migration experience (Azure Service Bus/queues to SQS/SNS/EventBridge) with DLQs, retries, and replay.
• OpenTelemetry/distributed tracing experience for API-heavy platforms.
• Demonstrated cost optimization wins with measurable reductions without hurting reliability.
• SOC 2, FCRA, or CCPA experience implemented via automation and engineering controls.
• Experience enabling Amazon Bedrock with guardrails and cost controls.

The profile we’re looking for

• Ownership: you define scope, flag risks early, make decisions, and ship.
• Migration scar tissue: you’ve handled missed dependencies, data surprises, and rollback moments — and built better mechanisms afterward.
• Systems thinking: you understand how IAM, networking, CI/CD, and runtime behavior interact.

What success looks like (first 6–12 months)

• A migration plan that engineering and leadership trust, with milestones, risks, and cutover strategy.
• Prod and non-prod AWS environments fully defined as code and shipped via CI/CD with no manual drift.
• Core .NET services running on ECS/Fargate with strong observability and stable deployments.
• Data and queue migrations validated, monitored, and rollback-tested.
• Security controls and cost governance are the default, not last-minute additions.

How to apply

Send your resume and (if available) links/descriptions of IaC, migration projects, or platform work you’ve led (docs/diagrams or anonymized examples welcome). If you’ve led an Azure to AWS migration, include a short summary of what you moved and how you handled cutover.

Benefits

• Space to grow, experiment, and make a real impact.
• Work with a team of curious, kind, and driven humans.
• Hybrid work setup — up to 3 days remote for flexibility.
• Access to all essential work tools and tech.
• IT equipment for your home office.
• Private health insurance.
• Free parking at our city-center office.
• Snacks, coffee, and good vibes.

Physical Requirements

• Ability to commute to our Vilnius office 2 times / week.
• Ability to participate in a shared weekly on call rotation as part of the team’s operational support responsibilities.
• A dedicated and ergonomic workspace at home conducive to focused work, including proper seating and desk setup.
• Access to a stable and reliable high-speed internet connection.
• Adequate lighting and minimal background noise to support professional video calls and meetings.
• Ability to lift and carry up to 5 pounds occasionally, for tasks such as setting up a workstation or equipment.

Equal Employment Opportunity

AccuSourceHR, Inc. provides equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, national origin, age, disability, genetic information, pregnancy, gender identity, sexual orientation, veteran status, or any other characteristic protected by federal, state, or local law.

AccuSourceHR, Inc. may modify, interpret, or apply this job description as needed. It is informational only and does not constitute an offer or guarantee of employment.

Any employment offer is contingent upon successful completion of a background investigation.

By submitting an application and/or accepting a position, you acknowledge that, if selected, you will be required to electronically sign employment‑related documents, including but not limited to the offer letter, employment agreement, and other necessary forms.

This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description.

Key skills/competency

• Cloud Migration
• DevSecOps
• AWS Architecture
• Terraform
• CI/CD
• Containerization
• Observability
• Security Engineering
• FinOps
• .NET Development