Senior DevSecOps Engineer

Dice is the leading career destination for tech experts at every stage of their careers. Our client, KSN Technologies, Inc., is seeking the following. Apply via Dice today!

Senior DevSecOps Engineer

Mechanicsburg, PA – Hybrid

Longterm Contract

Looking for the candidates who can work without any visa sponsorship.

Work Location: Hybrid with two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050). Schedule can be discussed during interview.

This req is available to candidates nationwide, but candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc.. Role contingent on compliant PATCH and passing PSDC/CJIS background checks.

PSDC (Public Safety Delivery Center) requires the services of a Senior DevSecOps Engineer to act as consultant with the PSDC Solutions Management group.

Role Summary

Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.

Scope boundaries

• Does not own enterprise AWS Organizations or SCP operations.
• Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
• Focuses on preventive controls and compliance automation, not incident response.
  
  

What You Will Deliver

First 90 days

• Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.

Looking to advance your Devops career with relocation support? Explore Devops Jobs with Relocation Packages that include comprehensive packages to help you move and settle in your new role.

• Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
• IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
• Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
  
  

Ongoing

• Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
• Coach pilot teams to adopt templates.
• Raise gaps to enterprise teams for org-level enforcement.
  
  

Day-to-day Responsibilities

• Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
• Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
• Wire scanning in CI/CD for app code, containers, and IaC.
• Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
• Generate posture and evidence reports mapped to CJIS and NIST controls.
  
  

Discover our full range of relocation jobs with comprehensive support packages to help you relocate and settle in your new location.

Required Skills

• 5+ years AWS security automation and DevOps.
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform.
• CI/CD authoring in GitHub Actions and Azure DevOps.
• Proficient in Python and Bash, with PowerShell for Windows automation.
• Able to read Java and C# to integrate and tune SAST/SCA.
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence.
  
  

Nice to have

• EKS/ECS/Lambda hardening patterns.
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent.
• Basic Azure security automation for future phases.
  
  

Decision rights

Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.

Skill

Required Exp

Candidate Exp

5+ years AWS security automation and DevOps

5

Strong with AWS CDK and CloudFormation; working proficiency in Terraform

Required

CI/CD authoring in GitHub Actions and Azure DevOps

Required

Proficient in Python and Bash, with PowerShell for Windows automation

Required

Able to read Java and C# to integrate and tune SAST/SCA

Required

Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence

Required

EKS/ECS/Lambda hardening patterns

Nice to have

OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent

Nice to have

Basic Azure security automation for future phases

Nice to have