Center for Internet Security

Compensation

Full Description

The Principal DevOps Engineer is part of the Engineering department, which resides on the DevSecOps team and reports to the Senior Director of DevSecOps. As our Principal DevOps Engineer, you will lead the secure design, deployment, and operationalization of production-grade Amazon EKS clusters using modern open-source tools such as ArgoCD, Kyverno, Karpenter, and the Grafana observability stack to support the expansion of CIS’s cloud-native infrastructure and product initiatives. As a senior technical leader within the Engineering department, you will ensure that security is embedded into every layer of our infrastructure and delivery pipelines. You will collaborate across Development, Operations, and Security teams to build automated, policy-driven, and observable infrastructure that meets the highest standards for reliability, scalability, and compliance. This role is critical in driving DevSecOps culture and practices across the organization. What You'll Do: Architect and implement secure, production-grade EKS clusters using infrastructure-as-code (IaC) and GitOps principles Integrate and configure open-source tools including ArgoCD (GitOps), Kyverno (policy enforcement), Karpenter (autoscaling), and the Grafana stack (monitoring and observability) Ensure security best practices are applied across all infrastructure components, including IAM, network policies, secrets management, and container runtime configurations Design and enforce Kubernetes security policies, RBAC, and network segmentation using tools like Kyverno and AWS-native controls Collaborate with Product and Platform teams to ensure infrastructure meets performance, reliability, and compliance requirements Build and maintain CI/CD pipelines with embedded security checks, vulnerability scanning, and policy validation Develop reusable Terraform modules and Helm charts that enforce secure defaults and compliance standards Monitor and troubleshoot production workloads, ensuring high availability, performance, and security posture Participate in an on-call rotation to support production systems and respond to incidents Advocate for DevSecOps principles and mentor engineers on secure cloud-native tooling and automation Evaluate emerging technologies and make strategic recommendations to leadership, with a focus on security and operational excellence Document architecture decisions, operational runbooks, and incident response procedures with a security-first mindset Other tasks and responsibilities as assigned What You'll Need: Bachelor’s degree in Computer Science, Engineering, or related field* 8+ years of experience in DevOps, site reliability engineering, or cloud infrastructure roles Deep expertise with Kubernetes (preferably EKS) in production environments Hands-on experience with ArgoCD, Karpenter, Prometheus, Grafana, Loki, and Tempo Proficiency in Terraform and Helm for infrastructure and application deployment Strong understanding of GitOps workflows and CI/CD pipeline design Experience with AWS services including IAM, VPC, EC2, S3, and CloudWatch Solid grasp of container security, Kubernetes RBAC, and policy-as-code (PaC) Excellent troubleshooting skills across infrastructure, networking, and application layers Strong communication skills and ability to work effectively with remote teams Must be authorized to work in the United States *Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree. At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place. Compensation Range: USD$126,700.00 - $221,700.00 Welcome to our employment section. Here you can view our current job openings and apply for positions online. Can't decide on just one opening? Our online application system allows you to easily apply to additional positions, after creating your profile! CIS takes pride in providing a comprehensive benefits package and supportive work environment. We offer a competitive total rewards package at the Center for Internet Security: Base salary is determined on a number of factors including, but not limited to, education, experience and skills Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire $500 wellness card for Health Coverage Participants 401(k) with 4% Company Match, vested from the first day of hire Flexible Spending Account (FSA) & Dependent Care Account (DCA) Life Insurance Bonding Leave Paid Volunteering Program Bonus eligibility Paid Time Off (PTO) inclusive of vacation, personal and sick time Paid Holidays Wellness Program Employee Engagement Activities Professional Development Opportunities Tuition Reimbursement Student Loan PayDown Program Employee Referral program Employee Assistance Program The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices. CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.