Senior DevSecOps Engineer in Mechanicsburg

Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.

We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.

Job DescriptionJob DescriptionSenior DevSecOps Engineer
*This is a hybrid position with 2 days/week onsite

Description:

• The client requires the services of a Senior DevSecOps Engineer to act as consultant with the clients' Solutions Management group.

Responsibilities:

• Hands-on security automation for AWS delivery.
• Build secure-by-default CDK constructs and CloudFormation templates wire them into CI/CD and enforce compliance checks that map to CJIS and NIST.
• Azure support is a future consideration, not a core day-one duty.

Scope boundaries:

• Does not own enterprise AWS Organizations or SCP operations.
• Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
• Focuses on preventive controls and compliance automation not incident response.

What you will deliver:

• Pipeline security templates in GitHub Actions and Azure DevOps with SAST SCA IaC container and secret scanning gates.
• Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53 with exceptions workflow documented.
• IaC reference modules using AWS CDK and\n CloudFormation for IAM least privilege KMS Secrets Manager logging and network baselines Terraform equivalents provided where teams require them.
• Evidence exports tying checks to control IDs and\n producing auditor-ready artifacts.

Ongoing:

• Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
• Coach pilot teams to adopt templates.
• Raise gaps to enterprise teams for org-level enforcement.

Day-to-day responsibilities:

• Author and maintain AWS CDK constructs and CloudFormation templates provide Terraform versions as secondary.
• Implement AWS Config conformance Security Hub standards and GuardDuty routing in reference accounts.
• Wire scanning in CI/CD for app code containers and IaC.
• Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
• Generate posture and evidence reports mapped to CJIS and NIST controls.

Required Skills/Knowledge/Experience:

• 5+ years AWS security automation and DevOps, Required 5 Years
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform, Required
• CI/CD authoring in GitHub Actions and Azure DevOps, Required
• Proficient in Python and Bash, with PowerShell for Windows automation, Required
• Able to read Java and C# to integrate and tune SAST/SCA, Required
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence, Required
• EKS/ECS/Lambda hardening patterns, Nice to have
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent, Nice to have
• Basic Azure security automation for future phases, Nice to have

Proper email communication will only be done to and from @astyra.com email addresses. Please ensure you are communicating with approved Astyra recruiters by checking this point when receiving offers and messages from us. Please ensure you are communicating within these guidelines and proper channels for the quickest possible interview consideration!

#AC

If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.