Overview
On Site
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)
Skills
DevSecOps
GC
Onboarding
Pick
JD
SCP
Incident Management
Workflow
Network
IDS
Regulatory Compliance
Routing
Continuous Delivery
Amazon Web Services
Terraform
Continuous Integration
Optical Disc Authoring
GitHub
DevOps
Python
Bash
Windows PowerShell
Microsoft Windows
Java
C#
SCA
NIST 800-53
Hardening
Oracle Policy Automation
Microsoft Azure
Oracle UCM
OM
WebKit
SANS
IMG
Job Details
Position: Senior DevSecOps Engineer
Location: Hybrid; Remote Off-Site and On-Site in Mechanicsburg, PA
Location: Hybrid; Remote Off-Site and On-Site in Mechanicsburg, PA
Visa: USC. GC-EAD and
Note: Position is available to candidates nationwide, but candidate must be LOCAL or ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go on-site on their first day to for onboarding; pick up commonwealth-issued equipment, possible badging, etc.
JD:
Note: Position is available to candidates nationwide, but candidate must be LOCAL or ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go on-site on their first day to for onboarding; pick up commonwealth-issued equipment, possible badging, etc.
JD:
Role summary;
- Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
- Does not own enterprise AWS Organizations or SCP operations.
- Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
- Focuses on preventive controls and compliance automation, not incident response.
What you will deliver in the first 90 days;
- Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
- Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
- IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
- Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
Ongoing;
- Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
- Coach pilot teams to adopt templates.
- Raise gaps to enterprise teams for org-level enforcement.
Day-to-day responsibilities;
- Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
- Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
- Wire scanning in CI/CD for app code, containers, and IaC.
- Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
- Generate posture and evidence reports mapped to CJIS and NIST controls.
The Skills and Experience:
- 5+ Years: AWS security automation and DevOps experience
- Strong with AWS CDK and CloudFormation; working proficiency in Terraform
- CI/CD authoring in GitHub Actions and Azure DevOps
- Proficient in Python and Bash, with PowerShell for Windows automation
- Able to read Java and C# to integrate and tune SAST/SCA
- Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence
- EKS/ECS/Lambda hardening patterns
- OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent
- Basic Azure security automation for future phases
Navnish kumar
Sr. IT Technical Recruiter
Stellent IT Phone:
Email: navnish
Gtalk: navnishom
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.