Senior DevSecOps Engineer (PSDC)

Fathom Management LLC | Susquehanna Township, PA
$100,000 | Hybrid

About The Position

This is advanced-level DevSecOps engineering work supporting the Public Safety Delivery Center (PSDC) within the Commonwealth of Pennsylvania. The Senior DevSecOps Engineer serves as a technical consultant responsible for designing and implementing security automation, compliance enforcement, and secure cloud delivery patterns across AWS environments. The role focuses on building secure-by-default infrastructure, CI/CD pipelines, and compliance-as-code frameworks aligned with CJIS and NIST 800-53 standards to support mission-critical public safety systems.

Requirements

  • 5+ years of experience in DevSecOps and AWS security automation
  • Strong expertise in: AWS CDK and CloudFormation, CI/CD pipelines (GitHub Actions, Azure DevOps)
  • Working knowledge of: Terraform, Python, Bash, and PowerShell
  • Ability to read and support codebases in Java and C# for security integration
  • Practical experience implementing controls aligned to: CJIS, NIST 800-53
  • Strong understanding of: Infrastructure as Code (IaC), Security automation and compliance frameworks

Nice To Haves

  • Experience with: EKS, ECS, and AWS Lambda security hardening
  • Security tools such as OPA/Conftest, Checkov, Trivy, Inspector, CodeQL
  • Exposure to Azure security automation (future-state support)

Responsibilities

  • Design and implement reference security guardrails and enforcement patterns for AWS environments
  • Develop reusable secure infrastructure modules and pipeline templates
  • Automate compliance validation aligned to CJIS and NIST 800-53
  • Support enterprise teams by providing deployable security frameworks, without direct ownership of AWS Organizations or SCPs
  • Develop and maintain AWS CDK constructs and CloudFormation templates
  • Provide Terraform equivalents for broader team adoption
  • Implement IAM least privilege, KMS, Secrets Manager, logging, and network security baselines
  • Build and maintain secure CI/CD pipelines using: GitHub Actions, Azure DevOps
  • Integrate security scanning tools for: SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning, Container security, Secret detection
  • Implement AWS Config rules, Security Hub standards, and GuardDuty integrations
  • Map controls to CJIS and NIST 800-53 frameworks
  • Develop compliance-as-code solutions and automated enforcement mechanisms
  • Produce audit-ready evidence and reporting artifacts
  • Coach and support pilot teams in adopting secure DevSecOps patterns
  • Collaborate with enterprise teams to identify gaps and recommend improvements
  • Maintain documentation for exception workflows and compliance processes
  • Enhance and maintain security frameworks and pipelines
  • Support enterprise adoption and continuous improvement
  • Identify and escalate opportunities for enterprise-wide enforcement

Benefits

  • Paid vacation, sick leave, and company holidays
  • Medical, dental, and vision insurance
  • Life insurance coverage
  • Short-term and long-term disability insurance
  • 401(k) retirement plan with company match and immediate vesting
  • Military leave benefits
  • Training and professional development opportunities
  • Tuition reimbursement
  • Employee wellness initiatives
  • Commuter benefits
  • Additional voluntary benefits