Senior DevSecOps Engineer - Hybrid

*** Webcam interview***  Long term contract  Hybrid***

Job Description: 

Our client requires the services of a Senior DevSecOps Engineer to act as consultant with the client Solutions Management group.

Role Summary

• Hands-on security automation for AWS delivery
• Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST
• Azure support is a future consideration, not a core day-one duty

Scope Boundaries

• Does not own enterprise AWS Organizations or SCP operations
• Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams
• Focuses on preventive controls and compliance automation, not incident response

What You Will Deliver

First 90 Days

• Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates
• Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented
• IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them
• Evidence exports tying checks to control IDs and producing auditor-ready artifacts

Ongoing

• Harden CDK/CFT modules and pipeline templates as compliance needs evolve
• Coach pilot teams to adopt templates
• Raise gaps to enterprise teams for org-level enforcement

Day-to-Day Responsibilities

• Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary
• Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts
• Wire scanning in CI/CD for app code, containers, and IaC
• Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling
• Generate posture and evidence reports mapped to CJIS and NIST controls

Required Skills

• 5+ years AWS security automation and DevOps
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform
• CI/CD authoring in GitHub Actions and Azure DevOps
• Proficient in Python and Bash, with PowerShell for Windows automation
• Able to read Java and C# to integrate and tune SAST/SCA
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence

Nice to Have

• EKS/ECS/Lambda hardening patterns
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent
• Basic Azure security automation for future phases

Decision Rights

Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.

Skills/Requirements

• 5+ years AWS security automation and DevOps Required 5 Years
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform Required
• CI/CD authoring in GitHub Actions and Azure DevOps Required
• Proficient in Python and Bash, with PowerShell for Windows automation Required
• Able to read Java and C# to integrate and tune SAST/SCA Required
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence Required
• EKS/ECS/Lambda hardening patterns
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent
• Basic Azure security automation for future phases