
Role summary
Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST controls. Azure cloud security is a future consideration, not a core day-one duty; Azure DevOps as a CI/CD platform is in scope from the start.
Scope boundaries
· Does not own enterprise AWS Organizations or service control policy (SCP) operations.
· Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
· Focuses on preventive controls and compliance automation, not incident response.
What you will deliver
· First 90 days
o Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
o Compliance-as-code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST SP 800-53, with the exceptions workflow documented.
o IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
o Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
· Ongoing
o Harden CDK/CloudFormation modules and pipeline templates as compliance needs evolve.
o Coach pilot teams to adopt templates.
o Raise gaps to enterprise teams for org-level enforcement.
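As an added illustration of the evidence-export deliverable above (example code written for this page, not code from the original posting or from any AWS project), the script below rolls a batch of Security Hub findings up into a per-control evidence table. It reads only fields that exist in the AWS Security Finding Format (ASFF): Compliance.Status, Compliance.RelatedRequirements, Workflow.Status, RecordState and Resources. The sample findings, the resource ARNs and the control mappings in them are constructed for the example, and treating a finding with Workflow.Status of SUPPRESSED as an approved exception is this example's convention, not a Security Hub rule.

```python
"""Roll Security Hub (ASFF) findings up into a per-control evidence table.

Added example for this page; not code from the original posting. The findings
below are constructed, and the control mappings are illustrative only.
"""
import csv
import io
from collections import defaultdict

# Constructed ASFF-shaped findings, trimmed to the fields this script reads.
SAMPLE_FINDINGS = [
    {"Id": "f-1", "Title": "IAM users should have MFA enabled", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"},
     "Compliance": {"Status": "FAILED", "RelatedRequirements": ["NIST.800-53.r5 IA-2(1)"]},
     "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::111122223333:user/alice"}]},
    {"Id": "f-2", "Title": "IAM users should have MFA enabled", "RecordState": "ACTIVE",
     "Workflow": {"Status": "RESOLVED"},
     "Compliance": {"Status": "PASSED", "RelatedRequirements": ["NIST.800-53.r5 IA-2(1)"]},
     "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::111122223333:user/bob"}]},
    # Failed check that went through the exceptions workflow (SUPPRESSED = approved exception).
    {"Id": "f-3", "Title": "CloudTrail should be enabled in all regions", "RecordState": "ACTIVE",
     "Workflow": {"Status": "SUPPRESSED"},
     "Compliance": {"Status": "FAILED",
                    "RelatedRequirements": ["NIST.800-53.r5 AU-2", "NIST.800-53.r5 AU-12"]},
     "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}]},
    {"Id": "f-4", "Title": "S3 buckets should block public access", "RecordState": "ACTIVE",
     "Workflow": {"Status": "RESOLVED"},
     "Compliance": {"Status": "PASSED", "RelatedRequirements": ["NIST.800-53.r5 AC-3"]},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-evidence-bucket"}]},
    # Archived finding: no longer describes current state, must not count as a failure.
    {"Id": "f-5", "Title": "S3 buckets should block public access", "RecordState": "ARCHIVED",
     "Workflow": {"Status": "NEW"},
     "Compliance": {"Status": "FAILED", "RelatedRequirements": ["NIST.800-53.r5 AC-3"]},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::old-bucket"}]},
    # Finding with no control mapping: surfaced under UNMAPPED so the gap is visible.
    {"Id": "f-6", "Title": "Custom check without RelatedRequirements", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"},
     "Compliance": {"Status": "FAILED"},
     "Resources": [{"Type": "AwsLambdaFunction", "Id": "arn:aws:lambda:us-east-1:111122223333:function:demo"}]},
]


def control_ids(finding):
    """Control IDs the finding is mapped to; unmapped findings are reported under UNMAPPED."""
    reqs = finding.get("Compliance", {}).get("RelatedRequirements") or []
    return list(reqs) or ["UNMAPPED"]


def is_exception(finding):
    """Example convention: a SUPPRESSED failed finding is an approved, documented exception."""
    return finding.get("Workflow", {}).get("Status") == "SUPPRESSED"


def rollup(findings):
    """Aggregate findings per control ID into pass/fail/exception counts and resource lists."""
    table = defaultdict(lambda: {"passed": 0, "failed": 0, "excepted": 0, "indeterminate": 0,
                                 "failed_resources": [], "excepted_resources": []})
    for f in findings:
        if f.get("RecordState") != "ACTIVE":
            continue  # archived findings are historical, not evidence of current posture
        status = f.get("Compliance", {}).get("Status")
        resources = [r.get("Id", "") for r in f.get("Resources", [])]
        for cid in control_ids(f):
            entry = table[cid]
            if status == "PASSED":
                entry["passed"] += 1
            elif status == "FAILED" and is_exception(f):
                entry["excepted"] += 1
                entry["excepted_resources"].extend(resources)
            elif status == "FAILED":
                entry["failed"] += 1
                entry["failed_resources"].extend(resources)
            else:
                entry["indeterminate"] += 1  # WARNING / NOT_AVAILABLE: neither pass nor fail evidence
    return dict(table)


def control_status(entry):
    """Overall status for one control: any unexcepted failure fails the control."""
    if entry["failed"]:
        return "FAIL"
    if entry["excepted"]:
        return "PASS_WITH_EXCEPTIONS"
    if entry["passed"]:
        return "PASS"
    return "NO_EVIDENCE"


def to_csv(table):
    """Render the rollup as an auditor-readable CSV string, one row per control."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["control_id", "status", "passed", "failed", "excepted", "indeterminate",
                "failed_resources", "excepted_resources"])
    for cid in sorted(table):
        e = table[cid]
        w.writerow([cid, control_status(e), e["passed"], e["failed"], e["excepted"], e["indeterminate"],
                    ";".join(e["failed_resources"]), ";".join(e["excepted_resources"])])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(rollup(SAMPLE_FINDINGS)))
```

In a real pipeline the findings list would come from the Security Hub GetFindings API rather than the constructed sample, and the CSV (or an equivalent JSON artifact) would be committed alongside the run's timestamp and account ID so the exception list and the failing resources are traceable per control.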
Day-to-day Responsibilities
· Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
· Implement AWS Config conformance packs, Security Hub standards, and GuardDuty finding routing in reference accounts.
· Wire scanning in CI/CD for app code, containers, and IaC.
· Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
· Generate posture and evidence reports mapped to CJIS and NIST controls.
Required skills
· 5+ years AWS security automation and DevOps.
· Strong with AWS CDK and CloudFormation; working proficiency in Terraform.
· CI/CD authoring in GitHub Actions and Azure DevOps.
· Proficient in Python and Bash, with PowerShell for Windows automation.
· Able to read Java and C# to integrate and tune SAST/SCA.
· Practical knowledge of CJIS and NIST SP 800-53 control families and how to automate checks and evidence collection.
Nice to have
· EKS/ECS/Lambda hardening patterns.
· OPA/Conftest, Checkov, Trivy, Amazon Inspector, CodeQL or equivalent.
· Basic Azure security automation for future phases.
Decision rights
Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.