ManTech

Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty. Responsibilities:

• Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
• Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
• IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
• Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
• Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
• Coach pilot teams to adopt templates.
• Raise gaps to enterprise teams for org-level enforcement.
• Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
• Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
• Wire scanning in CI/CD for app code, containers, and IaC.
• Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
• Generate posture and evidence reports mapped to CJIS and NIST controls.

Required/Desired Skills:

• 5+ years AWS security automation and DevOps Required 5 Years
• Strong with AWS CDK and CloudFormation; working proficiency in Terraform. Required
• CI/CD authoring in GitHub Actions and Azure DevOps. Required
• Proficient in Python and Bash, with PowerShell for Windows automation. Required
• Able to read Java and C# to integrate and tune SAST/SCA. Required
• Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence. Required
• EKS/ECS/Lambda hardening patterns. Nice to have
• OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent Nice to have
• Basic Azure security automation for future phases Nice to have

Job Type: Contract

Pay: $52.92 - $63.74 per hour

Application Question(s):

• Are you Local for this position ?
• Can i know your current location ?

• Must attach your word format resume

• Are you okay with Onsite interview ?
• We only work with Direct State clients no layers are you fine with that ?

Experience:

• AWS : 5 years (Required)
• AWS CDK and CloudFormation: 5 years (Required)
• GitHub Actions and Azure DevOps: 5 years (Required)
• Java and C# to integrate and tune SAST/SC: 5 years (Required)

Work Location: In person