Senior DevSecOps Engineer

About the Role
We are seeking a hands-on Senior DevSecOps Engineer with deep expertise in AWS security automation and compliance. You will design and build secure-by-default cloud infrastructure patterns, compliance as code, and enforce preventive security controls aligned with CJIS and NISTxxxxxxxxxxxxxxxstandards.
This role is focused on automation, preventive security, and compliance guardrails—not incident response.
Key Responsibilities
✅ Build and maintain AWS CDK constructs and CloudFormation templates (Terraform as secondary).
✅ Implement AWS Config conformance, Security Hub standards, GuardDuty routing in reference accounts.
✅ Develop compliance-as-code guardrails mapped to CJIS and NIST controls.
✅ Integrate security scanning (SAST, SCA, IaC, containers, secrets) into CI/CD (GitHub Actions, Azure DevOps).
✅ Produce auditor-ready evidence exports and compliance reports.
✅ Provide coaching and support for pilot teams adopting templates.
What You’ll Deliver (First 90 Days)
🔹 Secure pipeline templates in GitHub Actions & Azure DevOps
🔹 Compliance as code via AWS Config & Security Hub
🔹 Reference IaC modules (IAM, KMS, Secrets Manager, logging, networking)
🔹 Auditor-ready evidence tied to compliance control IDs
Required Skills
5+ years AWS security automation & DevOps
Strong expertise in AWS CDK & CloudFormation (Terraform proficiency a plus)
CI/CD authoring in GitHub Actions & Azure DevOps
Scripting: Python, Bash, PowerShell
Ability to read Java & C# for SAST/SCA integration
Practical knowledge of CJIS & NISTxxxxxxxxxxxxxxxcompliance
Nice to Have
EKS/ECS/Lambda hardening experience
Tools: OPA/Conftest, Checkov, Trivy, Inspector, CodeQL
Exposure to Azure security automation