Ark Solutions
Senior DevSecOps Engineer :: Mechanicsburg, PA (Hybrid)
Ark Solutions, Mechanicsburg, Pennsylvania, United States, 17050
Senior DevSecOps Engineer
Location:
Hybrid at Mechanicsburg, PA
Contract Duration:
8 months
Role Summary:
Engage in hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, integrate them into CI/CD, and enforce compliance checks aligned with CJIS and NIST standards. Azure support may be considered in future phases.
Scope Boundaries:
Does not involve managing enterprise AWS Organizations or SCP operations. Design and build reference guardrails and enforcement patterns for enterprise deployment. Focus on preventive controls and compliance automation, not incident response.
What You Will Deliver:
First 90 days:
Create pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates. Implement compliance as code in reference accounts with AWS Config rules and Security Hub standards aligning to CJIS and NIST 800-53. Develop IaC reference modules using AWS CDK and CloudFormation; provide Terraform equivalents as needed. Produce evidence exports mapping checks to control IDs for auditor-ready artifacts.
Ongoing:
Harden CDK/CFT modules and pipeline templates as compliance needs evolve. Coach pilot teams to adopt templates. Identify and escalate gaps for organization-level enforcement.
Day-to-Day Responsibilities:
Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary. Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts. Integrate scanning in CI/CD for app code, containers, and IaC. Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling. Generate posture and evidence reports mapped to CJIS and NIST controls.
Required Skills:
5 years of AWS security automation and DevOps experience. Strong expertise with AWS CDK and CloudFormation; working proficiency in Terraform. Experience in CI/CD authoring in GitHub Actions and Azure DevOps. Proficient in Python and Bash, with PowerShell for Windows automation. Ability to read Java and C# to integrate and tune SAST/SCA. Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence.
Nice to Have:
EKS/ECS/Lambda hardening patterns. Experience with OPA/Conftest, Checkov, Trivy, Inspector, CodeQL, or equivalent tools. Basic Azure security automation for future phases.