DevSecOps Engineer
Our client is seeking a highly skilled DevSecOps Engineer to design, build, and operationalize secure, automated delivery pipelines and cloud infrastructure as part of a major migration from on‑premise systems to AWS. This role will partner across four IT teams to drive the transition from manual operations to fully automated, pipeline‑driven delivery using modern DevSecOps practices. This role will ensure that all workloads migrated into the target state are properly authenticated, authorized, logged, scanned, and auditable in alignment with CJIS, COV, and FBI security policies.
CI/CD Pipeline & Secure Delivery Automation
- Design and implement CI/CD pipelines using AWS CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, GitLab CI, or Jenkins with signed commits, and OWASP‑aligned quality gates.
- Integrate SAST/DAST, secret scanning, dependency scanning, and IaC scanning using SonarQube, Checkmarx, Veracode, etc.
- Build production‑ready pipelines for middleware containerization ECS Fargate with portability to Kubernetes.
- Create reusable pipeline templates supporting AWS workloads, open‑source tooling, and COTS product deployments.
- Implement automated testing gates using JUnit, pytest, SonarQube, and other vendor‑provided test harnesses.
- Enable blue/green and canary deployments with automated rollback strategies.
- Automate packaging, configuration, and deployment workflows for COTS applications.
- Apply AI‑assisted code analysis, test generation, and pipeline optimization to accelerate delivery and reduce defects and improve pipeline reliability.
DevSecOps Security, Compliance & Policy Automation
- Implement secrets management using AWS Secrets Manager, CyberArk, or HashiCorp Vault.
- Enforce IaC security scanning using Checkov, Terrascan, or policy‑as‑code tools.
- Build automated compliance checks aligned to CJIS Security Policy using OPA or cloud‑native policy engines.
- Implement container image scanning using Amazon ECR or equivalent enterprise scanning tools.
- Integrate identity and access controls (Okta, CyberArk , Microsoft/Azure AD) into provisioning and deployment workflows.
- Use AI‑driven threat detection, anomaly analysis, and automated remediation to strengthen pipeline and runtime security.
Infrastructure as Code, Automation & Cloud Operations
- Write and maintain IaC using Terraform, CloudFormation, and Ansible for AWS and multi‑cloud environments.
- Establish Git‑based IaC workflows with automated plan/apply pipelines using GitHub /GitLab.
- Convert manual infrastructure (VMware, network, storage) into IaC using Terraform providers, Ansible playbooks.
- Build self‑service infrastructure templates using Terraform modules, AWS Service Catalog.
- Maintain a reusable IaC module library supporting AWS and multi‑cloud patterns.
- Implement automation using AWS Systems Manager, Ansible Automation Platform.
- Build drift detection using Terraform Cloud/Enterprise, Atlantis, or AWS native tools.
- Automate account/project provisioning using AWS Service Catalog, AFT, Landing Zones.
- Build monitoring and alerting pipelines using CloudWatch, Prometheus/Grafana, Elastic Stack, Datadog, PagerDuty, or NewRelic.
- Apply AI/ML for predictive alerting, log correlation, and automated incident triage to reduce MTTR and improve operational resilience.
What You Bring
Required
- Strong experience designing and implementing CI/CD pipelines across multiple toolchains.
- Experience with Git‑based workflows, branching strategies, and automated quality gates.
- Hands‑on experience with AWS services, cloud‑native deployment patterns, and containerized workloads.
- Proficiency with Terraform, CloudFormation, and Ansible.
- Experience integrating SAST/DAST, IaC scanning, and container security into pipelines.
- Strong understanding of secrets management, identity integration, and compliance‑driven DevSecOps.
- Experience automating infrastructure provisioning and configuration.
- Familiarity with CJIS, COV, or similar security frameworks.
Preferred
- Experience with a broad range of AWS services, including CloudFront, S3, Cloud Map, DataSync, CloudTrail, AppMesh, SQS, GuardDuty, AWS Inspector, Route 53, Security Groups, Subnets, Network ACLs, WAF, IAM, and VPC Endpoints.
- Experience migrating legacy middleware to containers or AWS ECS/EKS.
- Experience supporting COTS application deployment automation.
- Knowledge of OPA policy‑as‑code frameworks.
- Experience with multi‑cloud IaC patterns (AWS, Azure, GCP).
- Background in AI‑assisted DevOps, observability, or automated remediation.
- Relevant certifications such as AWS Solutions Architect, DevOps Engineer, Advanced Networking, Security Specialty, HashiCorp Terraform Associate, SRE Practitioner, or Kubernetes (CKA/CKAD)
