Senior DevSecOps Engineer

Stellent IT LLC Logo
Stellent IT LLC
Mechanicsburg, PA, United States
  • Services
  • Applications have closed

Position: Senior DevSecOps Engineer
Location: Hybrid; Remote Off-Site and On-Site in Mechanicsburg, PA

Visa: USC. GC-EAD and

Note: Position is available to candidates nationwide, but candidate must be LOCAL or ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go on-site on their first day to for onboarding; pick up commonwealth-issued equipment, possible badging, etc.

JD:

Role summary;

  • Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
  • Does not own enterprise AWS Organizations or SCP operations.
  • Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
  • Focuses on preventive controls and compliance automation, not incident response.
    What you will deliver in the first 90 days;
  • Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
  • Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
  • IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
  • Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
    Ongoing;
  • Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
  • Coach pilot teams to adopt templates.
  • Raise gaps to enterprise teams for org-level enforcement.

Day-to-day responsibilities;

  • Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
  • Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
  • Wire scanning in CI/CD for app code, containers, and IaC.
  • Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
  • Generate posture and evidence reports mapped to CJIS and NIST controls.

The Skills and Experience:

  • 5+ Years: AWS security automation and DevOps experience
  • Strong with AWS CDK and CloudFormation; working proficiency in Terraform
  • CI/CD authoring in GitHub Actions and Azure DevOps
  • Proficient in Python and Bash, with PowerShell for Windows automation
  • Able to read Java and C# to integrate and tune SAST/SCA
  • Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence
  • EKS/ECS/Lambda hardening patterns
  • OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent
  • Basic Azure security automation for future phases

++Navnish kumar++

++Sr. IT Technical Recruiter++

++Stellent IT++ Phone++:++

Email: navnish

Gtalk: navnish++om++

Apply for job