Senior DevSecOps Engineer,

The Public Safety Delivery Center (PSDC) requires a Senior DevSecOps Engineer to act as a consultant within the PSDC Solutions Management group. This role focuses on hands-on security automation for AWS delivery, building secure-by-default constructs and templates, integrating them into CI/CD pipelines, and enforcing compliance checks aligned with CJIS and NIST standards. The position is hybrid, requiring onsite presence two days a week.

Location: Washington, District of Columbia, Pennsylvania, United States,

Responsibilities:

- Author and maintain AWS CDK constructs and CloudFormation templates, with Terraform versions as secondary.
- Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
- Integrate scanning in CI/CD pipelines for application code, containers, and Infrastructure as Code (IaC).
- Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
- Generate posture and evidence reports mapped to CJIS and NIST controls.
- Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
- Coach pilot teams to adopt templates.
- Raise gaps to enterprise teams for organization-level enforcement.

Required Skills & Certifications:

- 5+ years of experience in AWS security automation and DevOps.
- Strong proficiency with AWS CDK and CloudFormation; working proficiency in Terraform.
- CI/CD authoring experience in GitHub Actions and Azure DevOps.
- Proficient in Python and Bash, with PowerShell for Windows automation.
- Ability to read Java and C# to integrate and tune SAST/SCA tools.
- Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence.

Preferred Skills & Certifications:

- Experience with EKS/ECS/Lambda hardening patterns.
- Familiarity with OPA/Conftest, Checkov, Trivy, Inspector, CodeQL, or equivalent tools.
- Basic Azure security automation skills.

Special Considerations:

- The role is contingent on compliant PATCH and passing PSDC/CJIS background checks, including fingerprinting.
- The candidate must be prepared to relocate for the hybrid position.
- The candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc.
- Government equipment cannot be taken or used outside of the United States.

Scheduling:
- Hybrid work model: two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050).
- Work hours: