Skip to content
mimi
All jobs

Senior DevSecOps Engineer

REDLEO SOFTWARE INC.

Middletown · On-site Contract Senior 6d ago
Apply with a tailored resume Save job

About the role

Scope Boundaries

  • Does not own enterprise AWS Organizations or SCP operations.
  • Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
  • Focuses on preventive controls and compliance automation, not incident response.

What You Will Deliver

First 90 Days

  • Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
  • Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
  • IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
  • Evidence exports tying checks to control IDs and producing auditor-ready artifacts.

Ongoing

  • Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
  • Coach pilot teams to adopt templates.
  • Raise gaps to enterprise teams for org-level enforcement.

Day-to-Day Responsibilities

  • Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
  • Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
  • Wire scanning in CI/CD for app code, containers, and IaC.
  • Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
  • Generate posture and evidence reports mapped to CJIS and NIST controls.

Required Skills

  • 5+ years AWS security automation and DevOps.
  • Strong with AWS CDK and CloudFormation; working proficiency in Terraform.
  • CI/CD authoring in GitHub Actions and Azure DevOps.
  • Proficient in Python and Bash, with PowerShell for Windows automation.
  • Able to read Java and C# to integrate and tune SAST/SCA.
  • Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence.

Nice to Have

  • EKS/ECS/Lambda hardening patterns.
  • OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent.
  • Basic Azure security automation for future phases.

Decision Rights

  • Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.

Skills

AWS CDKAWS ConfigAWS OrganizationsBashCloudFormationC#CheckovCodeQLContainer scanningDevOpsDockerEKSECSGuardDutyGuardrailsIaC scanningIAMInspectorJavaKMSLambdaNISTOPAPowerShellPythonSASTSCASecurity HubSecrets ManagerTerraformTrivy

Similar roles

Senior SRE Engineer

Jobs via Dice

Senior Cloud Engineer / Site Reliability Engineer (SRE)

Morgan Stanley

$150k – $210k/yr

Senior Full Stack Python Developer

STAFFXPERT LLC

$75 – $80/hr

Don't send a generic resume

Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.

Get started free