• Sr. AWS DevsSecOps Engineer - Hybrid

    MSys Inc. (Mechanicsburg, PA)


    Job summary:

    Title:

    Sr. AWS DevsSecOps Engineer - Hybrid

    Location:

    Mechanicsburg, PA, United States

    Length and terms:

    Long term - W2 or C2C

     

    Position created on 09/26/2025 04:00 pm

    Job description:

    * Very long term project Long term usually goes for 3+ years***Webcam interview*** 37.5 hours per week***Hybrid*

    Role summary:

    Hands on security automation for AWS delivery. Build secure by default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day one duty.

    Scope boundaries:

    + Does not own enterprise AWS Organizations or SCP operations.

    + Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.

    + Focuses on preventive controls and compliance automation, not incident response.

     

    What you will deliver

    First 90 days:

    + Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.

    + Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.

    + IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines, Terraform equivalents provided where teams require them.

    + Evidence exports tying checks to control IDs and producing auditor ready artifacts.

    Ongoing:

    + Harden CDK/CFT modules and pipeline templates as compliance needs evolve.

    + Coach pilot teams to adopt templates.

    + Raise gaps to enterprise teams for org-level enforcement.

    Day to day responsibilities:

    + Author and maintain AWS CDK constructs and CloudFormation templates, provide Terraform versions as secondary.

    + Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.

    + Wire scanning in CI/CD for app code, containers, and IaC.

    + Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.

    + Generate posture and evidence reports mapped to CJIS and NIST controls.

    Decision rights:

    + Independent on design and build within standards, proposes guardrails and reference patterns, escalates enterprise wide changes.

    Required Skills:

    + 5+ years AWS security automation and DevOps

    + Strong with AWS CDK and CloudFormation, working proficiency in Terraform

    + CI/CD authoring in GitHub Actions and Azure DevOps

    + Proficient in Python and Bash, with PowerShell for Windows automation

    + Able to read Java and C# to integrate and tune SAST/SCA

    + Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence

    Nice To Have Skills:

    + EKS/ECS/Lambda hardening patterns

    Contact the recruiter working on this position:

    The recruiter working on this position is Sowmya Pasarla

    His/her contact number is His/her contact email is [email protected]

     

    Our recruiters will be more than happy to help you to get this contract.