DevSecOps Intern at GenRocket, Inc.

Opportunity Summary 

Focus on DevOps with AWS and Terraform to secure and scale our multi-tenant and single-tenant infrastructure. The intern will also be included in the discussion and strategy of our AI development.

Tasks:

Hardavi will be supervised to perform many of the duties of a DevSecOps Engineer, overseen by the DevOps team lead, including many of the following tasks:

  • AWS Ecosystem Management
    • Deploy and manage services in AWS.
    • Optimize cost, scalability, availability, and security across AWS accounts.
    • Apply tagging policies, IAM best practices, and cross-account access patterns.

  • Containerization & Orchestration with Docker & ECS
    • Build and maintain Docker images, optimize Dockerfiles.
    • Set up ECS services/tasks, load balancers, and auto-scaling policies.
    • Monitor ECS workloads and troubleshoot container lifecycle issues.

  • Log Management & Tracing (CloudWatch, Datadog)
    • Aggregate logs from ECS, Lambda, EC2, and other services into CloudWatch and/or Datadog.
    • Set up log-based metrics and anomaly detection.
    • Implement distributed tracing where applicable.

  • Security Tooling & Governance
    • Use AWS Security Hub and Inspector to detect misconfigurations, vulnerabilities, and compliance violations.
    • Respond to findings and automate remediation pipelines where appropriate.
    • Support secure secrets management (e.g., SSM Parameter Store, Secrets Manager).

  • Role-Based Access Control & Policy Enforcement
    • Manage IAM roles, policies, and least-privilege access models for services and users.
    • Implement guardrails using tools like SCPs, Config Rules, or automated checks in CI/CD.

  • Collaboration & Documentation
    • Work closely with developers, SREs, and security teams to streamline delivery processes.
    • Write and maintain technical documentation, runbooks, and onboarding guides.

  • Incident Management & Root Cause Analysis
    • Participate in on-call rotations if required.
    • Use observability and audit data to investigate incidents and identify long-term fixes.

  • Vulnerability Management (Amazon Inspector + OS/Container Scanning)
    • Use Amazon Inspector for:
      • Continuous vulnerability scanning of EC2 instances and container images in Amazon ECR.
      • Real-time CVE detection based on installed software or base images.

    • Integrate Inspector findings into dashboards and reports for tracking vulnerabilities.
    • Prioritize remediation based on CVSS score, exploitability, and business impact.
    • Automate patching via SSM Patch Manager or custom automation pipelines.

  • Cloud Custodian (Policy-as-Code Enforcement)
    • Implement Cloud Custodian to enforce security, cost, and tagging policies at scale.
    • E.g., automatically delete untagged or non-compliant resources.
    • Enforce encryption on S3, RDS, and EBS volumes.
    • Terminate instances or revoke access keys based on age or inactivity.
    • Schedule Custodian policies via AWS Lambda or EventBridge for continuous compliance.
    • Integrate policy execution results into Slack, CloudWatch, or SIEM tools for visibility.

Training:

* Weekly scheduled one-on-one time with the CTO
* Daily scheduled time supervised by DevOps Leader
* Full hands-on tasks and assignments given by DevOps Leader
* Monthly progress reviews and check-ins with HR
* Inclusion in GenRocket Company Quarterly review and Monthly townhall meetings

Learning Outcome:

  • Deploy and secure AWS infrastructure across multi-account environments with IAM and tagging best practices.
  • Build and optimize Docker containers; configure ECS services with load balancers, auto-scaling, and lifecycle monitoring.
  • Enable distributed tracing for ECS and Lambda. Configure log-based metrics, alarms, and anomaly detection for faster incident response.
  • Integrate distributed tracing techniques to pinpoint performance bottlenecks in microservices.
  • Automate vulnerability scanning and remediation using Amazon Inspector, SSM Patch Manager, and CI/CD pipelines.
  • Enforce least-privilege IAM access and policy-as-code with Cloud Custodian, SCPs, and Config Rules.
  • Collaborate with SREs and developers; author runbooks and handle incident response using observability and audit tools.

Program: Academic Internship
Location Type: Remote
This opportunity provides some form of compensation: No
Opportunity Availability: 08/13/2025 to 12/19/2025