Cloud Security & Compliance Engineer

Job description

ECS DevLabs is seeking a Cloud Security & Compliance Engineer to own the design, implementation, and continuous assessment of security controls across our AWS commercial environment, with a forward path into AWS GovCloud. This is a hands-on engineering role — the person writing the Terraform that implements a control is the same person writing the narrative that documents it, and the evidence that proves it. Our commercial AWS environment supports internal ECS DevLabs workloads and does not require formal CMMC certification today. However, we hold ourselves to a high standard: we aim to be aligned with NIST SP 800-53 , NIST SP 800-171. AWS CIS Benchmarks , and CMMC practices — treating these frameworks as engineering best practices regardless of mandate. When the organization stands up an AWS GovCloud account to support external government customers, that environment will have a formal CMMC compliance requirement, and this role will lead that effort. Alongside compliance engineering, you will own day-to-day security operations — vulnerability management, incident response, and security monitoring — and serve as the security partner for internal ECS engineering teams running workloa...