InfoPeople

Senior DevSecOps Engineer

InfoPeople, Mechanicsburg, Pennsylvania, United States, 17050

Role Summary

Hands-on security automation role focused on AWS delivery. Responsibilities include building secure-by-default AWS CDK constructs and CloudFormation templates, integrating them into CI/CD pipelines, and enforcing compliance checks aligned with CJIS and NIST standards. Azure support may be considered in future phases but is not part of the initial scope.

Scope Boundaries

Does not manage enterprise AWS Organizations or SCP operations. Designs and delivers reference guardrails and enforcement patterns for enterprise teams to deploy. Focused on preventive controls and compliance automation, not incident response.

Deliverables

First 90 Days

Pipeline security templates in GitHub Actions and Azure DevOps with gates for SAST, SCA, IaC, container, and secret scanning. Compliance-as-code in reference accounts, including AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with documented exception workflows. AWS CDK and CloudFormation reference modules for IAM least privilege, KMS, Secrets Manager, logging, and network baselines, with Terraform equivalents where required. Evidence exports that map compliance checks to control IDs and produce auditor-ready artifacts.

Ongoing

Continuously harden CDK/CloudFormation modules and pipeline templates as compliance needs evolve. Coach pilot teams in adopting templates. Identify and escalate gaps requiring org-level enforcement.

Day-to-Day Responsibilities

Author and maintain AWS CDK constructs and CloudFormation templates, with Terraform versions as needed. Implement AWS Config conformance packs, Security Hub standards, and GuardDuty routing in reference accounts. Integrate scanning in CI/CD pipelines for application code, containers, and IaC. Develop reusable GitHub Actions and Azure DevOps templates with enforcement gates and exception handling. Generate security posture and evidence reports mapped to CJIS and NIST controls.

Required Skills

5+ years of AWS security automation and DevOps experience. Strong expertise in AWS CDK and CloudFormation; working proficiency in Terraform. Hands-on experience with CI/CD pipelines in GitHub Actions and Azure DevOps. Proficiency in Python and Bash; PowerShell skills for Windows automation. Ability to read Java and C# to integrate and tune SAST/SCA tools. Practical knowledge of CJIS and NIST 800-53 control families, including automation of checks and evidence collection.

Nice to Have

Experience with EKS/ECS/Lambda hardening patterns. Familiarity with OPA/Conftest, Checkov, Trivy, Inspector, CodeQL, or similar. Basic Azure security automation experience for future initiatives.

Decision Rights

Independent authority to design and build solutions within enterprise standards. Proposes guardrails and reference patterns. Escalates enterprise-wide enforcement changes as needed.