# Senior Site Reliability Engineer - Government Cloud

**Company:** [Tines](https://hotfix.jobs/companies/tines)
**Location:** Remote
**Role:** DevOps / SRE
**Salary:** $210k – $220k/yr
**Experience:** 5+ years
**Skills:** AWS, Aws Govcloud, Terraform, Cdk, Infrastructure As Code, FedRAMP, Cmmc, Vpc, CI/CD, Docker, Kubernetes, Opensearch, IAM, Encryption, Fips
**Posted:** 2026-06-25

> Build and operate AWS GovCloud infrastructure for federal customers, owning IaC, container pipelines, compliance documentation, and operational tooling. Requires 5+ years AWS experience and FedRAMP familiarity.

## Job Description

## What you will be doing
- Building and operating the AWS GovCloud environment that will host Tines for federal customers — from foundational network architecture through to production-ready, assessment-ready infrastructure.
- Designing and implementing repeatable infrastructure-as-code to provision dedicated customer environments.
- Owning the container image pipeline for our government deployment — building, hardening, scanning, and promoting FIPS-compliant images through our CI/CD pipeline using AWS native tooling.
- Identifying and fixing availability risks and monitoring gaps to ensure our government environments stay healthy, observable, and auditable.
- Working closely with our assessment partners to produce the infrastructure documentation, architecture diagrams, and evidence needed for FedRAMP authorization.
- Enabling product engineers to build new features that work seamlessly across our commercial and government environments: observability, logging, and simplifying deployments.
- Defining how we separate compliance-restricted functions from day-to-day engineering operations so the team can ship code and respond to incidents without breaking the security boundary.
- Supporting our self-hosted federal customers operating in our CMMC environment, including handling escalations and complex, long-running support cases as part of the team's on-call responsibilities.

## Projects you might work on
- Designing the infrastructure-as-code library for GovCloud customer provisioning — a repeatable process to stand up an isolated environment with all required AWS services pre-configured with FedRAMP-required encryption and logging.
- Building the CI/CD pipeline that promotes container images from development through staging to GovCloud production, with vulnerability scanning gates and change control documentation baked into the workflow.
- Creating operational runbooks for customer provisioning, incident response, patching, and disaster recovery that satisfy our assessment requirements.
- Setting up monitoring dashboards and alarms that feed into a Tines tenant for automated incident triage.
- Building IAM structures and permission boundaries that let engineers deploy and debug in production while maintaining least-privilege access required for compliance.
- Monitoring, scaling, and operating data services like OpenSearch in production — managing indexes and retention, tuning for performance, and building in-product tooling that surfaces cluster health and observability to the team.
- Collaborating with our Product and Design teams to enable compliance-specific product features like smart card authentication and DNS security extensions.
- Writing documentation that helps the broader engineering team understand how to build and test features in a compliance-regulated environment.

## Is this the right role for you?
- 5+ years in an infrastructure, DevOps, or cloud engineering role with meaningful time spent in AWS. Direct experience with AWS GovCloud is a strong plus, but deep AWS fluency with a willingness to navigate GovCloud's constraints is what matters most.
- Hands-on experience designing VPC architectures, configuring encryption at rest and in transit, and operating AWS native compute, database, and caching services in production under real workloads.
- Worked with infrastructure-as-code like CDK or Terraform in FedRAMP or CMMC environments, preferably supporting a customer-facing SaaS product.
- Understand what it takes to operate in a compliance-regulated environment. FedRAMP, FISMA, or similar experience is valuable.
- Comfortable with container image pipelines and hardening. Able to reason about base image provenance, vulnerability scanning, and what "hardened" actually means in practice.
- Good instincts for the boundary between "locked down for compliance" and "usable by engineering."
- Can write clearly. This role involves producing tech plans, runbooks, and operational documentation that will be reviewed during our FedRAMP assessment.
- Comfortable learning new technologies. We use Ruby, Rails, React, TypeScript, Postgres, Redis, and Kubernetes.

## Similar roles

- [Senior Network & Site Reliability Engineer](https://hotfix.jobs/jobs/01c8d349-e039-4dc2-ae91-085b7c4314ed) - Alembic - San Francisco, CA - $210k – $240k/yr
- [Infrastructure Design Engineer](https://hotfix.jobs/jobs/3b0ef649-0165-4d32-b476-08f3cc082801) - Together AI - San Francisco, CA - $210k – $250k/yr
- [Senior Site Reliability Engineer](https://hotfix.jobs/jobs/17262461-8779-40f0-997e-c13fe8a4148e) - Alembic - San Francisco, CA - $210k – $240k/yr
- [Senior Software Engineer, SRE](https://hotfix.jobs/jobs/b3849868-9229-4bba-8c9b-b5d8c39a46de) - Abridge - San Francisco, CA - $211k – $248k/yr
- [Senior Production Engineer](https://hotfix.jobs/jobs/7e185245-bfb5-4bd4-b862-004fcfe54e76) - Crusoe - San Francisco, CA - $209k – $253k/yr

**Apply:** https://hotfix.jobs/jobs/2baea467-f6d7-4c95-8eda-8bf4a56ab384
**Canonical:** https://hotfix.jobs/jobs/2baea467-f6d7-4c95-8eda-8bf4a56ab384