Senior DevOps Engineer

About Us

At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies – we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools.  The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater.  We are a production’s best ally every step of the way. #OneCastOneCrew

Position Overview
The Senior DevOps Engineer plays a key role in drive technical leadership within our innovative IT organization. This full-time role focuses on architecting and securing DevOps pipelines, cloud infrastructure, applications, and database environments, with a strong emphasis on AWS, including EKS, AWS Control Tower, Azure AKS and Azure cloud.
The ideal candidate will have 8-10 years of DevOps experience, specializing in infrastructure, applications (Java, Node.js, .NET), and databases (MSSQL, MySQL, PostgreSQL) hosted on AWS RDS and Azure. You will lead the design and implementation of secure, scalable cloud solutions, leveraging AWS EKS for container orchestration, AWS Control Tower for governance, and infrastructure-as-code practices using Terraform.
Expertise in ingress/egress network firewalls, security tools (e.g., Snyk, Orca, Nexus), and SOC controls is essential to ensure robust and compliant systems. This role will collaborate with development, operations, and security teams to champion secure and efficient DevOps practices, while providing technical mentorship and strategic direction.

The ideal candidate will have 8-10 years of DevOps experience, specializing in infrastructure, applications (Java, Node.js, .NET), and databases (MSSQL, MySQL, PostgreSQL) hosted on AWS RDS and Azure. You will lead the design and implementation of secure, scalable cloud solutions, leveraging AWS EKS for container orchestration, AWS Control Tower for governance, and infrastructure-as-code practices using Terraform.

Expertise in ingress/egress network firewalls, security tools (e.g., Snyk, Orca, Nexus), and SOC controls is essential to ensure robust and compliant systems. This role will collaborate with development, operations, and security teams to champion secure and efficient DevOps practices, while providing technical mentorship and strategic direction.

Core Responsibilities

• Lead the design, implementation, and optimization of secure DevOps pipelines and infrastructure in AWS and Azure, with a focus on AWS EKS for Kubernetes-based workloads and AWS Control Tower for multi-account governance, adhering to cloud-native security and scalability best practices.
• Provide technical leadership for AWS EKS, overseeing cluster architecture, auto-scaling, security configurations (e.g., RBAC, Pod Security Policies), and integration with CI/CD pipelines for containerized applications.
• Architect and manage AWS Control Tower to enforce governance, compliance, and security policies across multi-account AWS environments, ensuring standardized account management and guardrails.
• Drive infrastructure-as-code (IaC) initiatives using Terraform to provision and manage AWS and Azure resources, ensuring consistency, reproducibility, and security.
• Secure AWS RDS instances hosting MSSQL, MySQL, and PostgreSQL databases, implementing encryption, access controls, auditing, and vulnerability management.
• Identify and resolve security vulnerabilities in infrastructure, applications (Java, Node.js, .NET), and database systems, promoting secure coding and configuration practices.
• Configure and manage ingress/egress network firewalls (e.g., AWS WAF, Azure Firewall) to safeguard cloud, on-premises, and database environments from unauthorized access and threats.
• Leverage security tools such as Snyk, Orca, Nexus, and others to conduct vulnerability scans, penetration testing, and risk assessments across infrastructure, applications, and databases.
• Integrate security into CI/CD pipelines, collaborating with development teams to ensure secure code deployment, IaC, and database configurations using tools like Jenkins, GitLab, or Azure DevOps.
• Conduct security audits and ensure compliance with SOC controls (e.g., SOC 2), providing detailed documentation and remediation plans for infrastructure, applications, and database security.
• Monitor and respond to security incidents using AWS and Azure cloud security services (e.g., AWS Security Hub, Azure Sentinel) and database-specific monitoring tools.
• Harden cloud infrastructure (e.g., IAM policies, encryption, network security groups) and database environments to mitigate risks and align with industry standards.
• Provide strategic technical guidance on emerging security threats, tools, and best practices, delivering actionable recommendations to enhance organizational security posture.
• Mentor and coach team members on DevOps and security practices, including AWS EKS, AWS Control Tower, IaC, and database security, fostering a culture of technical excellence and security-first mindset.
• Drive cross-functional collaboration with development, operations, and security teams to align technical solutions with business objectives and operational requirements.

Key Qualifications

• Experience: 8-10 years of professional DevOps experience, with at least 4 years in a technical leadership role focused on cloud and database security.
• AWS Technical Leadership: Proven expertise in leading AWS-based solutions, including architecting and managing AWS EKS for Kubernetes workloads, AWS Control Tower for governance, and services like EC2, S3, VPCs, IAM, and Security Groups—AWS experience is mandatory.
• AWS EKS Expertise: Hands-on experience designing, deploying, and securing AWS EKS clusters, including cluster autoscaling, logging (e.g., CloudWatch), monitoring, and integration with CI/CD pipelines.
• AWS Control Tower Proficiency: Demonstrated ability to implement and manage AWS Control Tower for multi-account governance, compliance, and security policy enforcement.
• Infrastructure as Code: Advanced proficiency in writing and managing IaC using Terraform for AWS and Azure environments, ensuring secure and scalable resource provisioning.
• AWS RDS Security: Proven experience securing AWS RDS instances running MSSQL, MySQL, and PostgreSQL, including encryption, auditing, and access management.
• Azure Cloud Security: Strong skills in securing Azure infrastructure, including Azure AD, Virtual Networks, Key Vault, and Sentinel—Azure experience is mandatory.
• Database Security: Hands-on expertise securing MSSQL, MySQL, and PostgreSQL databases, including vulnerability assessment, hardening, and compliance.
• Application Security: Proficiency in identifying and resolving vulnerabilities in Java, Node.js, and .NET applications, with a focus on secure coding practices.
• Network Security: Deep knowledge of ingress/egress firewall configuration, network segmentation, and traffic monitoring using tools like AWS WAF and Azure Firewall.
• Security Tools: Expertise with tools like Snyk, Orca, Nexus, or similar for vulnerability management, penetration testing, and dependency scanning.
• SOC Controls & Audits: Strong familiarity with SOC 2 compliance, audit preparation, and control implementation for infrastructure, applications, and databases.
• CI/CD Integration: Experience with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps) and embedding security into automated workflows.
• Analytical Skills: Strong problem-solving skills to troubleshoot complex security and technical issues in a fast-paced environment.
• Communication Skills: Excellent verbal and written communication to collaborate with technical teams and present technical strategies to leadership.
• Certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional, Microsoft Certified: Azure Security Engineer Associate, CISSP, or CEH are highly desirable.
• Container Security: Experience securing containerized environments (e.g., Docker, Kubernetes) in AWS EKS and Azure AKS.
• Scripting Proficiency: Familiarity with scripting languages (e.g., Python, Bash, PowerShell) for automation of security and infrastructure tasks.

Special Work Conditions
Occasional on-call required.
Sedentary – Involves sitting most of the time but may involve walking or standing for brief periods of time. Some positions may entail exerting up to 15 lbs. of force occasionally and/or a negligible amount of force to lift, carry, push, or pull.

Benefits 

Cast & Crew provides a comprehensive package of employee benefits including: Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more! Note: Cast & Crew benefits are subject to eligibility requirements.

Cast & Crew is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.

CA residents
Your personal information may be collected in connection with certain services provided by Cast & Crew or its affiliated companies.  A summary of your California privacy rights can be found at: https://www.castandcrew.com/privacy-policy/

Compensation is commensurate with various factors including, but not limited to, relevant experience, qualifications, skills, training, licensure, certifications, geographic cost of labor, and other business and organizational needs. Compensation range for candidates in other locations may differ based on the cost of labor in that location. The compensation range for this position is: $140,000.00 - $165,000.00 per year.