Fast Facts

CredLens is looking for a skilled DevSecOps Engineer to join their security team, focusing on securing and scaling their cloud infrastructure while collaborating with various teams to ensure compliance and performance.

Responsibilities: Key responsibilities include securing AWS environments, managing security testing tools, incident response, and collaborating on Identity and Access Management solutions while supporting audit activities.

Skills: Required skills include deep knowledge of AWS security services, scripting and automation abilities, as well as proficiency in Infrastructure as Code principles.

Qualifications: Candidates should have 5+ years of experience in DevSecOps or Cloud Security and be familiar with security frameworks like SOC 2 and ISO 27001, along with relevant industry certifications being preferred.

Location: This position is based in Washington, DC, with a hybrid work model requiring two days per week in the office.

Compensation: $151800 - $176500 / Annually

CredLens is seeking a talented and motivated DevSecOps Engineer to join our growing security team, reporting directly to the Chief Information Security Officer (CISO). In this role, you will help design, secure, and scale CredLens’ enterprise-grade cloud infrastructure while embedding security best practices across the development lifecycle. You will partner closely with engineering, data, and platform teams to ensure the reliability, performance, and compliance of our outcomes data systems, supporting CredLens’ mission to deliver trusted, verified insights for the non-degree credential ecosystem.

About CredLens

CredLens, launched in 2024 as the newest subsidiary of Strada Education Foundation, is a national data trust focused on delivering verified outcomes insights for non-degree credentials. We help a range of organizations, such as credential issuers, funders, and policymakers, address the critical data gaps that prevent them from fully marketing and scaling their impact. CredLens is actively delivering outcomes insights to its stakeholders via enterprise-grade dashboards and visualizations and is the best-in-class solution to power ongoing research for industry-based, professional, and workforce credentials.

Key Responsibilities

AWS Infrastructure Security

• Act as a subject matter expert in securing Infrastructure as Code (IaC), with a primary focus on the AWS Cloud Development Kit (CDK).
• Support and secure our AWS environments by managing and implementing AWS security tooling, including but not limited to AWS Security Hub, Inspector, GuardDuty, AWS WAF, CloudTrail, and others.
• Manage and mature IAM Roles and groups, leveraging Access Analyzer, with a focus on advancing an identity and zero trust model.

Application Security

• Lead security application development efforts by implementing and managing security testing tools such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
• Focus on providing architectural guidance and solutions for secure product development.
• Proactively classify, triage, and manage security vulnerabilities and risks, providing clear, actionable remediation guidance to development teams.
• Act as a subject matter expert, providing actionable recommendations to development teams and assisting with the remediation of security findings.

AWS Infrastructure & DevOps

• Assist teams in securing infrastructure code, with a specific focus on the AWS Cloud Development Kit (CDK).
• Serve as a backup/on-call resource to support and secure our AWS environments.
• Support and secure the delivery pipeline using AWS CodePipeline and GitHub.

Incident Management & Threat Response

• Participate in incident detection and threat response activities, helping to identify, contain, and remediate security incidents.
• Work with SIEM solutions, manage log ingestion and tuning, and actively respond to security alerts and findings.

Business Information Security and Operations

• Collaborate with engineering teams to design and validate Identity and Access Management (IAM) models for third-party partners and vendors, ensuring least-privilege access to CredLens data assets.
• Assist in translating technical security controls into a non-technical context for audit reporting and stakeholder communication.
• Support audit and compliance activities for security frameworks such as SOC 2 Type II, ISO 27001, and NIST 800-53, by helping to collect evidence and validate control effectiveness.

Qualifications and Experience

• Proven Seniority: This is not a junior-level role; you have a 5+ year track record of success in DevSecOps, Cloud Security, or Security Engineering.
• AWS Expertise: Deep, hands-on experience with AWS security services and cloud best practices.
• Security as Code: Proficiency in Infrastructure as Code (IaC) principles; experience with AWS CDK is a plus, but a willingness to master it is essential.
• Automation Mindset: Strong scripting and automation skills used to manage vulnerabilities and security testing.
• Compliance & Frameworks: A solid understanding of frameworks like SOC 2 Type II, ISO 27001, or NIST 800-53. You can translate these technical controls into clear context for audit reporting.
• Audit Readiness: Experience leading evidence collection and supporting external auditors during security assessments.
• We prioritize your ability to problem-solve, collaborate, and ensure quality over traditional academic milestones. While a degree in Computer Science or Information Security is welcome, we place higher value on practical, real-world experience and proven industry credentials such as those from ISC2 (CISSP or CCSP), CompTIA Security+, or AWS Certifications (Security or DevOps Specialty).

Skills and Abilities

• Strong problem-solving skills and the ability to navigate complex cybersecurity environments.
• Excellent communication skills, with the ability to provide clear, actionable guidance to technical and non-technical teams.
• A collaborative and mission-driven approach, with a commitment to CredLens' core values.
• Ability to learn new technologies and acquire new skills regularly.
• Thrives under pressure, is operationally focused, and is a collaborative team player.

$151,800 - $176,500 a year

plus annual bonus

The pay range listed is based on national compensation benchmark data and may vary depending on skills, experience, job-related knowledge, variations in cost of labor, and in some cases, geographic location. The exact job offer will be determined based on several factors such as the candidate’s individual skills, qualifications and experience relative to the requirements of the role. The range displayed with the job posting represents the minimum and maximum target for new hire salaries for the position across the U.S.  

We don’t expect every candidate to meet every requirement. What matters most to us is strong curiosity, a willingness to learn, and the ability to grow alongside our team. If you’re passionate about security and inspired by CredLens’ mission—even if your experience doesn’t align perfectly with every qualification—we encourage you to apply. This is a hybrid position, with an expectation of two days per week in our Washington, DC office.

Mission and Values Alignment:

Committed to providing equitable pathways to opportunity through PSET, particularly for individuals who have faced significant barriers. Demonstrated alignment with CredLens' guiding values, commitment to building a strong and healthy workplace culture, and working in a collaborative environment.    

Diversity, equity, and inclusion are central to CredLens' organizational vibrancy, employee experience, and mission. We strongly encourage applicants from people of color/the global majority, immigrant, bilingual, and bicultural individuals; people with disabilities, members of the LGBTQIA2S+ and gender nonconforming communities; and people with other diverse backgrounds and lived experiences. We believe every member on the team enriches our workplace by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and discover, design, and deliver critical insights and solutions.