

AWS Security Automation and DevOps Engineer - Hybrid - Contract - Mechanicsburg, PA - B4017B
Featured Role | Apply direct with Data Freelance Hub
This role is for an AWS Security Automation and DevOps Engineer in Mechanicsburg, PA, on a long-term contract. Key skills include AWS security automation, CDK, CloudFormation, CI/CD, Python, and compliance with CJIS and NIST. Hybrid work, two days onsite.
Country: United States
Currency: $ USD
Day rate: -
Date discovered: September 28, 2025
Project duration: More than 6 months
Location type: Hybrid
Contract type: Unknown
Security clearance: Unknown
Location detailed: Mechanicsburg, PA
Skills detailed:
#Python #Bash #Azure Security #Java #Lambda (AWS Lambda) #Compliance #C# #GitHub #Infrastructure as Code (IaC) #Azure DevOps #Azure #Security #Terraform #IAM (Identity and Access Management) #Cloud #DevOps #Containers #DevSecOps #AWS (Amazon Web Services) #Scala #Logging #Automation
Role description
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Technovision, Inc., is seeking the following. Apply via Dice today!
Our direct client is looking for an AWS security automation and DevOps Engineer for a Hybrid long term contract position in Mechanicsburg, PA.
Note:
• Hybrid with two days onsite. Schedule can be discussed during interview.
• Work hours: 8AM to 5PM (hour-long lunch)
• Start date can be identified after compliant PATCH and PSDC-related clearance has been processed and approved.
Job Description:
• Client requires the services of a Senior DevSecOps Engineer to act as consultant with the PSDC Solutions Management group.
• Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
Scope boundaries
• Does not own enterprise AWS Organizations or SCP operations.
• Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
• Focuses on preventive controls and compliance automation, not incident response.
What you will deliver
First 90 days
• Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
• Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
• IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
• Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
Ongoing
• Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
• Coach pilot teams to adopt templates.
• Raise gaps to enterprise teams for org-level enforcement.
Day-to-day responsibilities
• Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
• Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
• Wire scanning in CI/CD for app code, containers, and IaC.
• Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
• Generate posture and evidence reports mapped to CJIS and NIST controls.
Decision rights
• Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.
Skill Matrix:
• 5+ years AWS security automation and DevOps - Required
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform - Required
• CI/CD authoring in GitHub Actions and Azure DevOps - Required
• Proficient in Python and Bash, with PowerShell for Windows automation - Required
• Able to read Java and C# to integrate and tune SAST/SCA - Required
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence - Required
• EKS/ECS/Lambda hardening patterns - Nice to have
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent - Nice to have
• Basic Azure security automation for future phases - Nice to have
Question 1: Where does your candidate currently reside?
Question 2: Do you understand, and will abide by, the provision in your subcontract with OST that it is PROHIBITED for government equipment to be taken or used outside of the United States by your contractors? The consequences of this occurring can and will result in repercussions to you, the prime vendor, regardless if the candidate works for a sub-vendor of yours. It will also result in immediate termination of the contractor, and make them ineligible for rehire in the program.
Question 3: This is a Hybrid position with two days onsite. Are you fine with this?
Question 4: This req. is available to candidates nationwide, but candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite).
Question 5: Candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc. Role contingent on compliant PATCH and passing PSDC/CJIS background checks. Are you fine with this?
Location: Hybrid (02 days onsite), 1920 Technology Parkway, Mechanicsburg, PA 17050
Type: Long term contract
Please send resume to "jobs at etechnovision dot com" with B4017B in Subject for immediate consideration.