DevSecOps Engineer

CredLens is seeking a talented and motivated DevSecOps Engineer to join our growing security team, reporting directly to the Chief Information Security Officer (CISO). In this role, you will help design, secure, and scale CredLens’ enterprise-grade cloud infrastructure while embedding security best practices across the development lifecycle. You will partner closely with engineering, data, and platform teams to ensure the reliability, performance, and compliance of our outcomes data systems, supporting CredLens’ mission to deliver trusted, verified insights for the non-degree credential ecosystem. About CredLens CredLens, launched in 2024 as the newest subsidiary of Strada Education Foundation, is a national data trust focused on delivering verified outcomes insights for non-degree credentials. We help a range of organizations, such as credential issuers, funders, and policymakers, address the critical data gaps that prevent them from fully marketing and scaling their impact. CredLens is actively delivering outcomes insights to its stakeholders via enterprise-grade dashboards and visualizations and is the best-in-class solution to power ongoing research for industry-based, professional, and workforce credentials. Key Responsibilities AWS Infrastructure Security

Act as a subject matter expert in securing Infrastructure as Code (IaC), with a primary focus on the AWS Cloud Development Kit (CDK).

Support and secure our AWS environments by managing and implementing AWS security tooling, including but not limited to AWS Security Hub, Inspector, GuardDuty, AWS WAF, CloudTrail, and others.

Manage and mature IAM Roles and groups, leveraging Access Analyzer, with a focus on advancing an identity and zero trust model.

Application Security

Lead security application development efforts by implementing and managing security testing tools such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).

Focus on providing architectural guidance and solutions for secure product development.

Proactively classify, triage, and manage security vulnerabilities and risks, providing clear, actionable remediation guidance to development teams.

Act as a subject matter expert, providing actionable recommendations to development teams and assisting with the remediation of security findings.

AWS Infrastructure & DevOps

Assist teams in securing infrastructure code, with a specific focus on the AWS Cloud Development Kit (CDK).

Serve as a backup/on-call resource to support and secure our AWS environments.

Support and secure the delivery pipeline using AWS CodePipeline and GitHub.

Incident Management & Threat Response

Participate in incident detection and threat response activities, helping to identify, contain, and remediate security incidents.

Work with SIEM solutions, manage log ingestion and tuning, and actively respond to security alerts and findings.

Business Information Security and Operations

Collaborate with engineering teams to design and validate Identity and Access Management (IAM) models for third-party partners and vendors, ensuring least-privilege access to CredLens data assets.

Assist in translating technical security controls into a non-technical context for audit reporting and stakeholder communication.

Support audit and compliance activities for security frameworks such as SOC 2 Type II, ISO 27001, and NIST 800-53, by helping to collect evidence and validate control effectiveness.

Qualifications and Experience

Proven Seniority: This is not a junior-level role; you have a 5+ year track record of success in DevSecOps, Cloud Security, or Security Engineering.

AWS Expertise: Deep, hands-on experience with AWS security services and cloud best practices.

Security as Code: Proficiency in Infrastructure as Code (IaC) principles; experience with AWS CDK is a plus, but a willingness to master it is essential.

Automation Mindset: Strong scripting and automation skills used to manage vulnerabilities and security testing.

Compliance & Frameworks: A solid understanding of frameworks like SOC 2 Type II, ISO 27001, or NIST 800-53. You can translate these technical controls into clear context for audit reporting.

Audit Readiness: Experience leading evidence collection and supporting external auditors during security assessments.

We prioritize your ability to problem-solve, collaborate, and ensure quality over traditional academic milestones. While a degree in Computer Science or Information Security is welcome, we place higher value on practical, real-world experience and proven industry credentials such as those from ISC2 (CISSP or CCSP), CompTIA Security+, or AWS Certifications (Security or DevOps Specialty).

Skills and Abilities

Strong problem-solving skills and the ability to navigate complex cybersecurity environments.

Excellent communication skills, with the ability to provide clear, actionable guidance to technical and non-technical teams.

A collaborative and mission-driven approach, with a commitment to CredLens' core values.

Ability to learn new technologies and acquire new skills regularly.

Thrives under pressure, is operationally focused, and is a collaborative team player.