
Senior DevSecOps Engineer (Local/Non- Hybrid)

Job Description
Job Title: Senior DevSecOps Engineer (Local/Non- Hybrid)
Job Code: PA 777897
Location: Mechanicsburg, PA (Hybrid 60% Remote / 40% Onsite)
Contract Duration: Until 06/30/2026
Work Hours: 8 AM to 5 PM (1-hour lunch)

Position Overview:
The Commonwealth of PA PSDC (Public Safety Delivery Center) is seeking a Senior DevSecOps Engineer to join the PSDC Solutions Management group. This hybrid role requires hands-on experience with AWS security automation, CI/CD pipeline hardening, and compliance enforcement. Local candidates are , but non- willing to relocate are encouraged to apply.

Work Location:
Hybrid with two days onsite at 1920 Technology Parkway, Mechanicsburg, PA 17050. Candidates must be onsite on the first day to pick up Commonwealth-issued equipment, complete badging, and fulfill compliance requirements.

Eligibility:
Candidates must successfully pass PATCH and PSDC/CJIS background checks, including fingerprinting.

Pre-Screen Questions:

  1. This position requires an in-depth background check, including fingerprinting. Do you accept this requirement?

  2. Where do you currently reside?


Role Summary:
The Senior DevSecOps Engineer will:

  • Build secure-by-default AWS CDK constructs and CloudFormation templates.

  • Integrate templates into CI/CD pipelines with SAST, SCA, IaC, container, and secret scanning gates.

  • Enforce compliance aligned to CJIS and NIST 800-53 standards.

  • Provide Terraform equivalents where required.

  • Generate auditor-ready artifacts and evidence exports.


Responsibilities:

  • Author and maintain AWS CDK constructs, CloudFormation templates, and Terraform modules.

  • Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.

  • Wire scanning in CI/CD for application code, containers, and IaC.

  • Create reusable GitHub Actions and Azure DevOps templates with enforcement gates.

  • Generate posture and evidence reports mapped to CJIS and NIST controls.

  • Coach pilot teams and escalate gaps to enterprise teams for organization-level enforcement.


Required Skills & Experience:

  • 5+ years AWS security automation and DevOps experience

  • Strong AWS CDK and CloudFormation skills; working proficiency in Terraform

  • CI/CD authoring experience in GitHub Actions and Azure DevOps

  • Proficient in Python and Bash, with PowerShell for Windows automation

  • Able to read Java and C# to integrate and tune SAST/SCA tools

  • Practical knowledge of CJIS and NIST 800-53 control families and how to automate compliance checks


Nice-to-Have Skills:

  • EKS/ECS/Lambda hardening patterns

  • OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent

  • Basic Azure security automation


Decision Rights:
The role has independent design and build authority within standards, proposes guardrails and reference patterns, and escalates enterprise-wide changes as needed.

Primary Skills:
NIST, Python, SAST, SCA, IaC, AWS CDK, CJIS, GuardDuty routing, CI/CD authoring, AWS security automation, DevOps, Bash, PowerShell, NIST 800-53

Flexible work from home options available.


Harrisburg, PA
Full time

Published on 10/04/2025
