Location: Mechanicsburg, PA
Position Type: Hybrid
Hybrid Schedule: 2 days onsite
Contract Length: Long-term with annual extensions
Position Overview: The Senior DevSecOps Engineer serves as a hands-on consultant responsible for building and implementing secure-by-default AWS infrastructure and CI/CD pipelines, with a strong focus on automation and compliance. This role designs reusable security guardrails, enforces compliance aligned to CJIS and NIST standards, and enables development teams to adopt secure delivery practices at scale.
Duties:
Design, develop, and maintain secure AWS CDK constructs and CloudFormation templates, with Terraform equivalents as needed
Build and integrate security controls into CI/CD pipelines using GitHub Actions and Azure DevOps, including SAST, SCA, IaC, container, and secret scanning
Implement and manage AWS Config rules, Security Hub standards, and GuardDuty integrations within reference environments
Develop reusable pipeline templates with embedded compliance enforcement gates and exception handling workflows
Create and maintain compliance-as-code frameworks mapped to the CJIS Security Policy and NIST SP 800-53 controls
Generate automated compliance reports and auditor-ready evidence mapped to control requirements
Establish IAM least privilege, KMS, Secrets Manager, logging, and network security baselines through infrastructure-as-code
Continuously enhance and harden security templates, modules, and pipelines as compliance requirements evolve
Provide technical guidance and coaching to teams adopting secure DevOps practices and templates
Identify gaps in security or compliance and escalate recommendations for enterprise-level enforcement improvements
Required Skills:
5+ years of experience in AWS security automation and DevOps practices
Strong expertise in AWS CDK and CloudFormation, with working proficiency in Terraform
Experience authoring and maintaining CI/CD pipelines using GitHub Actions and Azure DevOps
Proficiency in Python and Bash scripting, with working knowledge of PowerShell for Windows automation
Ability to read and understand Java and C# code to support integration and tuning of SAST and SCA tools
Practical knowledge of the CJIS Security Policy and NIST SP 800-53 control families, including automating compliance checks and evidence generation
Preferred Skills:
Experience implementing security hardening patterns for EKS, ECS, and AWS Lambda
Familiarity with tools such as OPA/Conftest, Checkov, Trivy, Amazon Inspector, CodeQL, or similar
Basic experience with Azure security automation for future cloud expansion initiatives