Sr. AWS DevSecOps Engineer - Hybrid
MSys Inc.
Job summary:
Title:
Sr. AWS DevSecOps Engineer - Hybrid
Location:
Mechanicsburg, PA, United States
Length and terms:
Long term - W2 or C2C
Position created on 09/26/2025 04:00 pm
Job description:
*** Very long term project; long term usually goes for 3+ years *** Webcam interview *** 37.5 hours per week *** Hybrid ***
Role summary:
Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
Scope boundaries:
+ Does not own enterprise AWS Organizations or SCP operations.
+ Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
+ Focuses on preventive controls and compliance automation, not incident response.
What you will deliver
First 90 days:
+ Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
+ Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with the exceptions workflow documented.
+ IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
+ Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
Ongoing:
+ Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
+ Coach pilot teams to adopt templates.
+ Raise gaps to enterprise teams for org-level enforcement.
Day to day responsibilities:
+ Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
+ Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
+ Wire scanning in CI/CD for app code, containers, and IaC.
+ Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
+ Generate posture and evidence reports mapped to CJIS and NIST controls.
Decision rights:
+ Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.
Required Skills:
+ 5+ years AWS security automation and DevOps
+ Strong with AWS CDK and CloudFormation, working proficiency in Terraform
+ CI/CD authoring in GitHub Actions and Azure DevOps
+ Proficient in Python and Bash, with PowerShell for Windows automation
+ Able to read Java and C# to integrate and tune SAST/SCA
+ Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence
Nice To Have Skills:
+ EKS/ECS/Lambda hardening patterns
Contact the recruiter working on this position:
The recruiter working on this position is Sowmya Pasarla
His/her contact number is His/her contact email is sowmya.p@msysinc.com
Our recruiters will be more than happy to help you to get this contract.