
Senior DevSecOps Engineer (PSDC)

Fathom Management LLC
Posted 4 days ago
Full Time, Senior
Location: Susquehanna Township, Pennsylvania, United States
Work Arrangement: On-Site
Salary Range: $100,000 – $101,000 / year
Experience: 5-10 years

Job Description

Commonwealth of Pennsylvania


Position Overview

This is advanced-level DevSecOps engineering work supporting the Public Safety Delivery Center (PSDC) within the Commonwealth of Pennsylvania. The Senior DevSecOps Engineer serves as a technical consultant responsible for designing and implementing security automation, compliance enforcement, and secure cloud delivery patterns across AWS environments.

The role focuses on building secure-by-default infrastructure, CI/CD pipelines, and compliance-as-code frameworks aligned with CJIS and NIST 800-53 standards to support mission-critical public safety systems.

Work Location / Schedule

  • Hybrid: 2 days onsite (1920 Technology Parkway, Mechanicsburg, PA)
  • 60% remote / 40% onsite
  • Initial onsite attendance required for equipment and onboarding
  • Work Hours: 8:00 AM – 5:00 PM (1-hour lunch)
  • Candidates must be willing to relocate if not local

Salary is $100,000 per year W2 with a competitive benefits package.

Clearance Requirements

  • Ability to obtain and maintain:
    • PATCH (PA Criminal History Clearance)
    • PSDC / CJIS background clearance

 

Role Summary

The Senior DevSecOps Engineer will lead the development of security automation frameworks for AWS delivery, including infrastructure-as-code (IaC), CI/CD security integration, and compliance monitoring. This role emphasizes preventive controls, audit readiness, and scalable security patterns, rather than operational incident response.

Scope of Work

  • Design and implement reference security guardrails and enforcement patterns for AWS environments
  • Develop reusable secure infrastructure modules and pipeline templates
  • Automate compliance validation aligned to CJIS and NIST 800-53
  • Support enterprise teams by providing deployable security frameworks, without direct ownership of AWS Organizations or SCPs

 

Key Responsibilities

Infrastructure & Security Automation

  • Develop and maintain AWS CDK constructs and CloudFormation templates
  • Provide Terraform equivalents for broader team adoption
  • Implement IAM least privilege, KMS, Secrets Manager, logging, and network security baselines

CI/CD & DevSecOps

  • Build and maintain secure CI/CD pipelines using:
    • GitHub Actions
    • Azure DevOps
  • Integrate security scanning tools for:
    • SAST (Static Application Security Testing)
    • SCA (Software Composition Analysis)
    • IaC scanning
    • Container security
    • Secret detection

Compliance & Governance

  • Implement AWS Config rules, Security Hub standards, and GuardDuty integrations
  • Map controls to CJIS and NIST 800-53 frameworks
  • Develop compliance-as-code solutions and automated enforcement mechanisms
  • Produce audit-ready evidence and reporting artifacts

Collaboration & Enablement

  • Coach and support pilot teams in adopting secure DevSecOps patterns
  • Collaborate with enterprise teams to identify gaps and recommend improvements
  • Maintain documentation for exception workflows and compliance processes

Deliverables

First 90 Days

  • Secure CI/CD pipeline templates with integrated security scanning
  • Compliance-as-code frameworks aligned to CJIS and NIST
  • Reusable IaC modules (CDK, CloudFormation, Terraform)
  • Automated audit and evidence reporting capabilities

Ongoing

  • Enhance and maintain security frameworks and pipelines
  • Support enterprise adoption and continuous improvement
  • Identify and escalate opportunities for enterprise-wide enforcement

 

Required Qualifications

  • 5+ years of experience in DevSecOps and AWS security automation
  • Strong expertise in:
    • AWS CDK and CloudFormation
    • CI/CD pipelines (GitHub Actions, Azure DevOps)
  • Working knowledge of:
    • Terraform
    • Python, Bash, and PowerShell
  • Ability to read and support codebases in Java and C# for security integration
  • Practical experience implementing controls aligned to:
    • CJIS
    • NIST 800-53
  • Strong understanding of:
    • Infrastructure as Code (IaC)
    • Security automation and compliance frameworks

Preferred Qualifications

  • Experience with:
    • EKS, ECS, and AWS Lambda security hardening
    • Security tools such as OPA/Conftest, Checkov, Trivy, Inspector, CodeQL
  • Exposure to Azure security automation (future-state support)

Key Skills

  • AWS Security & DevSecOps
  • Infrastructure as Code (CDK, CloudFormation, Terraform)
  • CI/CD Pipeline Security
  • Compliance Automation (CJIS, NIST 800-53)
  • SAST / SCA / IaC / Container Security
  • Scripting (Python, Bash, PowerShell)
  • Cloud Security Architecture
  • Audit & Evidence Reporting
  • Cross-Team Collaboration & Enablement

 

Benefits & Career Growth

At Fathom Management, Inc., we provide a competitive benefits package designed to support employee well-being, financial stability, and professional development.

Employee Benefits Include

  • Paid vacation, sick leave, and company holidays
  • Medical, dental, and vision insurance
  • Life insurance coverage
  • Short-term and long-term disability insurance
  • 401(k) retirement plan with company match and immediate vesting
  • Military leave benefits
  • Training and professional development opportunities
  • Tuition reimbursement
  • Employee wellness initiatives
  • Commuter benefits
  • Additional voluntary benefits

Equal Employment Opportunity (EEO) Statement

Fathom Management, Inc. is an Equal Opportunity Employer committed to fostering a diverse and inclusive workplace.

All employment decisions, including recruitment, hiring, training, promotion, compensation, benefits, and termination, are made without regard to race, color, religion, creed, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability, or any other characteristic protected by applicable federal, state, or local law.

 

 
