DevOps Engineer

Job Title: Senior DevSecOps Engineer Experience: 8 years Location: Cumberland County, PA (Hybrid – 2 days onsite) Duration: 12 Months Contract Key Responsibilities Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty. Scope boundaries • Does not own enterprise AWS Organizations or SCP operations. • Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams. • Focuses on preventive controls and compliance automation, not incident response. • What you will deliver Day-to-day responsibilities • Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary. • Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts. • Wire scanning in CI/CD for app code, containers, and IaC. • Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling. • Generate posture and evidence reports mapped to CJIS and NIST controls. Required skills • 5+ years AWS security automation and DevOps. • Strong with AWS CDK and CloudFormation; working proficiency in Terraform. • CI/CD authoring in GitHub Actions and Azure DevOps. • Proficient in Python and Bash, with PowerShell for Windows automation. • Able to read Java and C# to integrate and tune SAST/SCA. • Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence. Nice to have • EKS/ECS/Lambda hardening patterns. • OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent. • Basic Azure security automation for future phases. • Decision rights