Role summary We are seeking a remote Senior DevSecOps Engineer to own and evolve the platform — Terraform, EKS, GitLab CI/CD security gates, GitOps delivery, observability, and FISMA controls — and set the engineering standard for the team. You are the person who catches a backend block in the wrong module before it merges, and who makes the security gate something developers trust rather than route around. What you’ll do

+ Own the Terraform estate across the three repos and the 2-stack-perenv layout — directory-per-env roots, semver-pinned module consumption, a provider-pinning contract (version ranges in modules, locked in roots), S3 state with native locking, and OIDC (no static keys).

+ Lead state-safe refactors — split the monolith, fold sandbox stacks into the data stack using moved blocks / state mv , with backed-up state and zero-destroy plans on stateful resources (Aurora, Redis).

+ Build and operate EKS (toward Auto Mode), GitLab CI (runner-...