Senior DevSecOps Engineer (TAS1 A4 SC3)

Overview

Seeking a Senior DevSecOps Engineer to act as a consultant within a solutions management group, focusing on security automation for AWS environments. The role emphasizes building secure infrastructure, enforcing compliance, and integrating security controls into CI/CD pipelines.

Important Notes:

• Contract is funded through June 30, 2026, with potential extension.
• Candidates must be willing to relocate for a hybrid role if not local.
• Initial onsite presence required for equipment pickup and onboarding.
• Role is contingent on successful background checks and clearance approvals.
• Do not resubmit candidates from previous requisitions.

Role Summary

Hands-on role focused on security automation within AWS delivery pipelines. Responsibilities include developing secure-by-default infrastructure templates, integrating compliance checks, and aligning with CJIS and NIST standards.

Note: Azure support may be introduced in future phases.

Scope Boundaries

• Does not manage enterprise-level AWS Organizations or SCPs
• Focus on reference architectures, guardrails, and enforcement patterns
• Emphasis on preventive controls and compliance automation, not incident response

Key Deliverables (First 90 Days)

• Build secure CI/CD pipeline templates (GitHub Actions & Azure DevOps) with:
  • SAST, SCA, IaC, container, and secret scanning
• Implement compliance-as-code:
  • AWS Config rules
  • Security Hub standards aligned to CJIS & NIST 800-53
• Develop Infrastructure-as-Code modules:
  • AWS CDK & CloudFormation
  • Terraform (as needed)
  • Cover IAM, KMS, Secrets Manager, logging, and networking
• Generate audit-ready evidence reports mapped to compliance controls

Ongoing Responsibilities

• Enhance security templates and compliance frameworks
• Support adoption by engineering teams
• Identify and escalate enterprise-level gaps

Day-to-Day Responsibilities

• Develop and maintain AWS CDK & CloudFormation templates
• Implement AWS Config, Security Hub, and GuardDuty integrations
• Integrate security scanning into CI/CD pipelines
• Create reusable pipeline templates with enforcement controls
• Generate compliance and audit reports

Required Skills

• 5+ years of AWS security automation & DevOps experience
• Strong expertise in AWS CDK & CloudFormation; working knowledge of Terraform
• Experience with GitHub Actions and Azure DevOps CI/CD pipelines
• Proficiency in Python, Bash, and PowerShell
• Ability to read Java and C# for SAST/SCA integration
• Knowledge of CJIS and NIST 800-53 compliance frameworks

Nice to Have

• Experience with EKS, ECS, and Lambda security hardening
• Familiarity with tools like OPA, Conftest, Checkov, Trivy, Inspector, CodeQL
• Basic knowledge of Azure security automation