DevSecOps Engineer

Mechanicsburg, PA
Contracted
Experienced
Location: Mechanicsburg, PA
Position Type: Hybrid
Hybrid Schedule: 2 days onsite
Contract Length: 7 months + extensions

This role focuses on hands-on security automation in AWS, delivering secure-by-default CDK constructs, CloudFormation templates, and CI/CD pipeline integrations with compliance checks mapped to CJIS and NIST standards. The position emphasizes preventive controls, compliance-as-code, and reusable security patterns that enterprise teams can adopt, with Azure support considered for future phases.

Required Skills:

  • 5 years of AWS security automation and DevOps experience

  • Strong expertise with AWS CDK and CloudFormation; working proficiency in Terraform

  • Experience authoring CI/CD pipelines in GitHub Actions and Azure DevOps

  • Proficiency in Python and Bash, with PowerShell for Windows automation

  • Ability to read Java and C# to integrate and tune SAST/SCA tools

  • Practical knowledge of CJIS and NIST 800-53 control families, including automating checks and evidence generation

Preferred Skills:

  • Experience with EKS, ECS, and Lambda hardening patterns

  • Familiarity with tools such as OPA/Conftest, Checkov, Trivy, Inspector, or CodeQL

  • Basic Azure security automation knowledge for future phases

Duties:
  • Design, author, and maintain AWS CDK constructs and CloudFormation templates, providing Terraform equivalents where required.

  • Implement AWS Config conformance packs, Security Hub standards, and GuardDuty routing in reference accounts.

  • Build and maintain CI/CD security templates in GitHub Actions and Azure DevOps with scanning gates for SAST, SCA, IaC, containers, and secrets.

  • Create reusable CI/CD templates with enforcement gates and exception workflows.

  • Develop compliance-as-code controls aligned with CJIS and NIST 800-53, including evidence exports and auditor-ready artifacts.

  • Harden CDK/CloudFormation modules and pipeline templates as compliance requirements evolve.

  • Coach pilot teams on adopting reference templates and patterns.

  • Raise compliance or enforcement gaps to enterprise teams for org-level action.
