New Role Senior DevSecOps Engineer - hybrid (Mechanicsburg PA)

Position Detail's: • Position Name: Senior DevSecOps Engineer (TAS1 A4 SC3)

• Location: Hybrid (2 days onsite / 3 days remote), Mechanicsburg, PA 17050

Overview: Seeking a Senior DevSecOps Engineer to act as a consultant within a solutions management group, focusing on security automation for AWS environments. The role emphasizes building secure infrastructure, enforcing compliance, and integrating security controls into CI/CD pipelines.

Important Notes: • Contract is funded through June 30, 2026, with potential extension.

• Candidates must be willing to relocate for a hybrid role if not local.
• Initial onsite presence required for equipment pickup and onboarding.
• Role is contingent on successful background checks and clearance approvals.
• Do not resubmit candidates from previous requisitions.

Work Schedule: • Hours: 8:00 AM 5:00 PM (1-hour lunch)

• Start Date: After clearance and onboarding completion

Role Summary: Hands-on role focused on security automation within AWS delivery pipelines. Responsibilities include developing secure-by-default infrastructure templates, integrating compliance checks, and aligning with CJIS and NIST standards. Note: Azure support may be introduced in future phases.

Scope Boundaries: • Does not manage enterprise-level AWS Organizations or SCPs

• Focus on reference architectures, guardrails, and enforcement patterns
• Emphasis on preventive controls and compliance automation, not incident response

Key Deliverables (First 90 Days)

• Build secure CI/CD pipeline templates (GitHub Actions & Azure DevOps) with: • SAST, SCA, IaC, container, and secret scanning
• Implement compliance-as-code: • AWS Config rules
• Security Hub standards aligned to CJIS & NIST 800-53
• Develop Infrastructure-as-Code modules: • AWS CDK & CloudFormation
• Terraform (as needed)
• Cover IAM, KMS, Secrets Manager, logging, and networking
• Generate audit-ready evidence reports mapped to compliance controls

Ongoing Responsibilities: • Enhance security templates and compliance frameworks

• Support adoption by engineering teams
• Identify and escalate enterprise-level gaps

Day-to-Day Responsibilities: • Develop and maintain AWS CDK & CloudFormation templates

• Implement AWS Config, Security Hub, and GuardDuty integrations
• Integrate security scanning into CI/CD pipelines
• Create reusable pipeline templates with enforcement controls
• Generate compliance and audit reports

Required Skills: • 5+ years of AWS security automation & DevOps experience

• Strong expertise in AWS CDK & CloudFormation; working knowledge of Terraform
• Experience with GitHub Actions and Azure DevOps CI/CD pipelines
• Proficiency in Python, Bash, and PowerShell
• Ability to read Java and C# for SAST/SCA integration
• Knowledge of CJIS and NIST 800-53 compliance frameworks

Nice to Have: • Experience with EKS, ECS, and Lambda security hardening

• Familiarity with tools like OPA, Conftest, Checkov, Trivy, Inspector, CodeQL
• Basic knowledge of Azure security automation