ELDR Media

Policy-as-Code Specialist

Architect and implement policy-as-code frameworks that make governance machine-executable, automatically testable, and continuously compliant — for regulated enterprises operating at scale.

Level: Senior (8–15 Years)
Type: Full-Time · Hybrid
Location: Washington, DC / Vienna, VA

About the Role

Policy-as-code is the frontier of governance engineering — the discipline of expressing policies, rules, and regulatory obligations in structured, executable formats that can be tested, versioned, and integrated into DevSecOps pipelines and enterprise governance systems. ELDR is building this capability as a distinct practice, serving regulated institutions that need to move beyond document-based policy to policy that is demonstrably enforced, continuously tested, and auditably maintained. The Policy-as-Code Specialist is a technical governance engineer who bridges regulatory knowledge, software engineering, and documentation architecture.

Responsibilities

  • Design and implement policy-as-code frameworks for regulated institutional clients — authoring policies in OPA/Rego, AWS SCP, Azure Policy, or Sentinel and integrating them into CI/CD and DevSecOps pipelines
  • Develop machine-readable policy repositories managed in Git with automated testing, versioning, and change management workflows
  • Translate regulatory requirements — NIST, ISO 27001, SOC 2, GDPR, PCI DSS — into executable policy rules and compliance assertions
  • Architect policy governance frameworks that integrate automated policy enforcement with human-readable policy documentation
  • Develop compliance-as-code testing suites that allow clients to continuously validate their posture against policy requirements
  • Advise clients on the technology architecture, tooling selection, and operational model for policy-as-code at enterprise scale
  • Collaborate with Technical Policy Specialists, Documentation Architects, and GRC Specialists to ensure policy-as-code outputs are aligned with broader governance frameworks

Requirements

  • 8–15 years of combined experience in software engineering, DevSecOps, cloud infrastructure, and governance
  • Hands-on expertise with policy-as-code tooling: Open Policy Agent (OPA), Rego, HashiCorp Sentinel, AWS SCPs, Azure Policy, or GCP Organization Policy
  • Strong infrastructure-as-code skills: Terraform, Pulumi, AWS CDK, or equivalent
  • Experience integrating policy enforcement into CI/CD pipelines using GitHub Actions, GitLab CI, Jenkins, or comparable platforms
  • Working knowledge of relevant regulatory frameworks — NIST 800-53, ISO 27001, FedRAMP, SOC 2 — and their translation into technical controls
  • Undergraduate degree in computer science, systems engineering, or related field

Preferred Qualifications

  • Prior experience implementing policy-as-code for FedRAMP, FISMA, or NIST-governed federal environments
  • Familiarity with GRC platform integration — connecting policy-as-code outputs with ServiceNow GRC, Archer, or OneTrust
  • Experience with CSPM tools in a policy governance context: Wiz, Prisma Cloud, Orca, or AWS Security Hub
  • Kubernetes policy governance experience — OPA Gatekeeper or Kyverno

What We Offer

  • A role at the technical frontier of governance engineering — genuinely rare in the consulting market
  • Washington-area hub with access to the federal and regulatory policy ecosystem
  • Integration with ELDR's broader technology, advisory, and documentation practices
  • Competitive senior compensation with performance and delivery-linked components

Send your CV and a brief covering statement to careers@eldrinc.com with the role title in the subject line. ELDR reviews applications on a rolling basis.