Crescens
Job Title: Senior DevSecOps Engineer
Location: Mechanicsburg, PA (Hybrid - 2 days onsite, 3 days remote)
Type: Contract
Duration: 7+ Months
Role Overview
The Client is seeking an experienced Senior DevSecOps Engineer to join the Solutions Management group. The engineer will play a critical role in building secure-by-default automation for AWS environments, with a strong focus on compliance, preventive controls, and security guardrails.
This role is best suited for a hands-on engineer who thrives in automating cloud security, designing compliance-driven CI/CD pipelines, and implementing infrastructure-as-code (IaC) aligned to CJIS and NIST 800-53 standards.
Key Responsibilities
Initial Deliverables (First 90 Days):
- Develop pipeline security templates in GitHub Actions and Azure DevOps, integrating SAST, SCA, IaC, container, and secret scanning gates.
- Implement compliance-as-code with AWS Config rules and Security Hub standards mapped to CJIS and NIST.
- Deliver auditor-ready artifacts and evidence exports aligned to control IDs.
- Create IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, encryption (KMS), Secrets Manager, logging, and network baselines, with Terraform equivalents as needed.
Ongoing Responsibilities:
- Maintain and harden CDK/CFT modules and CI/CD templates as compliance evolves.
- Build and enforce preventive security controls within AWS reference accounts.
- Wire security scanning into CI/CD for application code, containers, and IaC.
- Coach pilot teams to adopt provided security automation.
- Provide posture reports and evidence mapped to regulatory controls.
- Collaborate with enterprise teams to escalate org-level gaps.
Required Skills & Experience
- 5+ years of experience in AWS security automation and DevOps.
- Expertise with AWS CDK and CloudFormation; strong working knowledge of Terraform.
- Hands-on experience building CI/CD pipelines in GitHub Actions and Azure DevOps.
- Strong scripting skills in Python and Bash (PowerShell for Windows automation).
- Ability to read Java and C# for integrating/tuning SAST/SCA tools.
- Practical knowledge of CJIS and NIST 800-53 control families, including compliance automation.
Nice to Have
- Experience hardening EKS, ECS, and Lambda.
- Familiarity with OPA/Conftest, Checkov, Trivy, Inspector, CodeQL, or similar tools.
- Exposure to Azure security automation (for future project phases).