DevSecOps Engineer
Experience: 12+ years
Job Summary
We are looking for a DevSecOps Engineers who can help lead our infrastructure-as-code and CICD deliverables for the AIM project and raise the bar on security across the AIM program. You will design and maintain Terraform modules consumed by multiple teams build secure CI/CD pipelines and ensure every provisioned resource follows least-privilege principles. You will work within HCP Terraform using VCS-driven workflows and help shape how the team adopts AI-assisted development tooling responsibly.
Please note, this role is not able to offer visa transfer or sponsorship now or in the future*
Responsibilities
What You’ll Do
Design build and maintain reusable Terraform modules with clear interfaces versioning and documentation so other teams can self-serve infrastructure safely
- Manage and optimize HCP Terraform workspaces using VCS-driven workflows - including workspace design variable sets run triggers and policy enforcement
- Provision and manage cloud resources (primarily AWS) following least-privilege access patterns and security best practices
- Manage secrets and sensitive configuration using HashiCorp Vault and/or AWS Secrets Manager
- Build and maintain CI/CD pipelines (GitHub Actions) with proper gating scanning testing and promotion workflows that integrate with HCP Terraform VCS-driven run model
- Conduct security reviews of infrastructure code and pipeline configurations
What You Bring
Must Have
- 5+ years of hands-on Terraform experience including writing modules with proper state management remote backends and provider configuration
- Hands-on Experience with HCP Terraform (Terraform Cloud) specifically VCS-driven workflows - workspace configuration speculative plans on PRs run approvals and managing workspace variables/variable sets
- Experience with HCP Terraform private registry for publishing and consuming internal modules
- Strong understanding of AWS IAM - policies roles trust relationships permission boundaries and service control policies
- Hands-on Experience with at least one secrets management platform: HashiCorp Vault or AWS Secrets Manager
- Solid understanding of OIDC and federated identity -how trust is established token exchange and practical application in CI/CD and cloud access
- Proven experience building and maintaining CI/CD pipelines in GitHub Actions or GitLab CI/CD including environment promotion approval gates and artifact management
- Security-first mindset - you default to deny scope permissions tightly and can articulate why
- Hands-on Experience using AI coding assistants (Amazon Q Kiro GitHub Copilot or similar) with a clear understanding of when to trust verify and override AI-generated output
- Commitment to human-in-the-loop practices code review manual approval gates for production and treating AI output as a draft - never as the final word
Nice to Have
- Experience with Sentinel within HCP Terraform
- Knowledge of infrastructure testing tools
- Contributions to internal developer platforms or self-service infrastructure tooling
How We Work
- Infrastructure changes are driven through VCS - a push or PR triggers speculative plans and runs in HCP Terraform with peer review required before apply
- AI tools accelerate our work but every change is reviewed by a human before merging
- We treat security as a shared responsibility not a gate at the end
- We document architectural decisions and keep runbooks current
- We prefer simple maintainable solutions over clever ones
Applications will be accepted until 7/28/2026
The annual salary for this position is between $100,000- $155,000 depending on experience and other qualifications of the successful candidate.
This position is also eligible for Cognizant’s discretionary annual incentive program, based on performance and is subject to the terms of Cognizant’s applicable plans.
Benefits: Cognizant offers the following benefits for this position, subject to applicable eligibility requirements:
· Medical/Dental/Vision/Life Insurance
· Paid holidays plus Paid Time Off
· 401(k) plan and contribution
· Long-term/Short-term Disability
· Paid Parental Leave
· Employee Stock Purchase Plan
Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.
Über Cognizant
Cognizant (NASDAQ: CTSH) i ist ein Technologiedienstleister und Entwickler von KI-Lösungen. Wir schlagen die Brücke zwischen KI-Investitionen und echtem unternehmerischem Mehrwert, indem wir ganzheitliche Full-Stack-KI-Lösungen für unsere Kunden entwickeln. Mit unserer fundierten Branchen-, Prozess- und Engineering-Expertise integrieren wir die spezifischen Anforderungen von Unternehmen passgenau in Technologiesysteme. So entfalten wir das menschliche Potenzial, erzielen greifbare Ergebnisse und sichern globalen Unternehmen in einer sich rasant wandelnden Welt den entscheidenden Vorsprung. Erfahren Sie mehr unter cognizant.ai oder @cognizant.
Zusätzliche Informationen zur Beschäftigung
Die Vergütungsinformationen sind zum Zeitpunkt der Veröffentlichung dieser Stellenausschreibung korrekt. Cognizant behält sich das Recht vor, diese Informationen jederzeit unter Beachtung der geltenden gesetzlichen Bestimmungen zu ändern.
Bewerberinnen und Bewerber können verpflichtet sein, an Vorstellungsgesprächen persönlich oder per Videokonferenz teilzunehmen. Darüber hinaus kann es erforderlich sein, bei jedem Gespräch einen gültigen staatlichen Lichtbildausweis vorzulegen.
Cognizant ist ein Arbeitgeber mit Chancengleichheit. Ihre Bewerbung und Kandidatur werden nicht aufgrund von Rasse, Hautfarbe, Geschlecht, Religion, Glaubensbekenntnis, sexueller Orientierung, Geschlechtsidentität, nationaler Herkunft, Behinderung, genetischen Informationen, Schwangerschaft, Veteranenstatus oder sonstiger durch bundes‑, landes‑ oder kommunalrechtliche Vorschriften geschützter Merkmale berücksichtigt oder abgelehnt.







