Location: Remote (IST-friendly overlap preferred)
Type: Freelance / Contract (fixed-scope, milestone-based)
Start: Immediate
Timeline: Ideal: 2 weeks • Hard cap: 4 weeks

Why We’re Hiring

TestZeus needs a hands-on DevOps / Cloud Security contractor who can:

1. Clean up our Sprinto checklist to get us SOC 2-ready (controls/evidence/owners/monitors), and

2. Implement Infrastructure-as-Code (IaC) guardrails so we don’t lose compliance after every sprint.

This engagement is execution-heavy. We want fast progress, high signal, and a clean handoff.

Success Criteria (Definition of Done)

By the end of the engagement:

• Sprinto has a clear, audit-ready state: control owners assigned, evidence mapped, key monitors passing, and remaining gaps documented with remediation tickets and timelines.

• Cloud baseline is codified with IaC + policy checks + drift detection for the most common SOC 2 regressions (identity, logging, encryption, backups, network).

• We have audit-friendly runbooks and repeatable processes for access reviews, change management, and incident response.

Delivery Plan (Ideal 2 Weeks / Max 4 Weeks)

Week 1 — Sprinto to Green (Critical Path)

• Sprinto audit: controls, missing evidence, failing monitors, ownership gaps, stale policies, missing integrations.

• Prioritized remediation plan (audit-critical first) + ticket-ready task list.

• Fix top-impact items: evidence links, owners, monitor failures, integrations.

• Lightweight policy/runbook refresh aligned to how we operate (no shelfware).

Week 1 Deliverable: Sprinto dashboard meaningfully improved + written gap report + execution plan.

Week 2 — IaC Guardrails + Drift Prevention

• Establish/upgrade Terraform (preferred) baseline modules:

  • IAM least privilege patterns + break-glass access

  • Central logging + retention + alerting baseline

  • Encryption defaults (KMS/TLS/secrets management approach)

  • Backups + retention + restore-test routine

  • Network baseline guardrails (ingress, firewall, private endpoints where applicable)

• Add compliance protection mechanisms:

  • Policy-as-code + CI gates (e.g., OPA/Conftest, Checkov/tfsec/Trivy)

  • Drift detection + alerting (scheduled drift runs / GitOps workflows)

• Document “how we stay compliant” operating guide.

Week 2 Deliverable: IaC guardrails merged + CI checks active + drift detection running + runbooks complete.

Weeks 3–4 (Only If Needed) — Hardening + Remaining Gaps

• Close remaining Sprinto gaps (non-critical) and improve automation coverage.

• Expand guardrails to additional services/resources discovered during the audit.

• Optional: tighten CI/CD controls (branch protections, approvals, release traceability), vendor review hygiene.

Week 4 Deliverable: Final audit-readiness walkthrough + complete handoff.

Responsibilities

1) Sprinto Checklist Cleanup (SOC 2 Readiness)

• Audit and fix Sprinto controls, evidence, and monitors.

• Automate evidence collection where possible (SSO/IAM, ticket workflows, vuln scanning, backups, logging).

• Create practical policies/runbooks that match real workflows.

2) IaC to Prevent Compliance Drift

• Codify baselines using Terraform (preferred).

• Implement guardrails for IAM, logging/monitoring, encryption, backups, and network security.

• Add policy-as-code and CI/CD gates to prevent regressions.

• Enable drift detection and alerting.

3) Audit-Friendly Operations

• Establish repeatable, documented processes for:

  • Access reviews

  • Change management hygiene

  • Incident response basics

  • Backup/restore verification

Must-Have Skills

• Proven DevOps + cloud security delivery experience (startup pace).

• Strong Terraform skills and modular IaC practices.

• CI/CD and policy/scanning tooling experience (OPA/Conftest, Checkov/tfsec/Trivy or similar).

• Ability to drive compliance outcomes fast (Sprinto/SOC 2 experience is a plus).

Nice-to-Have

• SOC 2 Type II experience (continuous controls).

• GitOps experience (e.g., ArgoCD).

What You’ll Hand Off

• Sprinto remediation report + updated owners/evidence mapping + remaining gap plan

• IaC repo/modules + CI policy checks + drift detection setup

• Runbooks: access reviews, incident handling, backups/restore checks, change control

• “Staying compliant” operating guide for engineering

Engagement Model

• Milestone-based contract strongly preferred.

• Daily async updates + 2–3 short syncs/week.

• We move fast expect quick feedback loops.

Interview Process (Fast)

1. 20–30 min intro call

2. 45–60 min deep dive (infra + Sprinto + remediation plan)

3. Scope confirmation + immediate start

How to Apply

Email hiring@testzeus.com with:

• 2–3 similar engagements (Sprinto/SOC2/IaC guardrails)

• Links to IaC work samples (if possible)

• Availability for the next 2 weeks + rate