Jobs · Information Technology · Pennsylvania

Senior DevSecOps Architect

PennEngineering® · Danboro, PA · 3 wk ago
HybridInformation TechnologyFull-time

Position Summary

At PennEngineering, we innovate and collaborate to make the world a better place. You can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We are seeking a Senior Developer Security Architect who is responsible for building and operating the security architecture that enables PennEngineering’s engineering teams to ship code safely at high velocity.

About the role

  • Cloud Security Posture & Remediation
  • Continuously assess, harden, and elevate the security posture of PennEngineering's AWS cloud infrastructure, covering both customer-facing platforms and internal enterprise systems
  • Design and build custom security tools, frameworks, and policies tailored to protect PennEngineering's internal and external organizational assets
  • Own the end-to-end vulnerability management lifecycle, including triage, tracking, prioritization, and automated remediation of identified vulnerabilities and cloud misconfigurations
  • Establish a continuous posture improvement program with defined baselines, remediation SLAs, and executive-level reporting on security health
  • Pipeline Security & CI/CD Integration
  • Architect and implement automated security scanning (SAST, SCA, and DAST), embedded directly into CI/CD pipelines, ensuring checks are high-fidelity and low-latency to support our daily deployment cadence
  • Configure pre-commit hooks, pull request checks, and branch protection rules that automatically detect and block secrets, misconfigurations, or vulnerable dependencies before they reach production
  • Partner with AI engineering teams to secure AI/LLM workloads within the pipeline, including prompt injection protections, model input/output validation, and agentic system guardrails
  • Establish security gate standards and developer-friendly documentation so engineering teams understand what is enforced, why, and how to resolve failures quickly
  • Automated Governance & Policy-as-Code
  • Replace manual security audits with automated policy enforcement using infrastructure-as-code tools (Terraform, AWS Config), ensuring non-compliant infrastructure cannot be provisioned
  • Build event-driven automation to detect and auto-remediate common security issues in near real-time, reducing mean time to respond across the environment
  • Define and maintain security governance standards, including access controls, secrets management, encryption policies, and data classification frameworks
  • Establish audit-ready documentation and evidence collection practices to support internal compliance reviews and external assessments
  • Cloud Operations & Threat Response
  • Maintain the operational security health of PennEngineering's AWS environment, using automation to manage scaling events, configuration drift, and self-healing infrastructure
  • Operationalize CrowdStrike and Zscaler telemetry by automating the correlation of security alerts to reduce noise and trigger rapid, automated response workflows
  • Define and own security incident response playbooks; lead root-cause analysis and post-incident reviews to drive systemic improvements
  • Collaborate with IS, infrastructure, and AI engineering teams to ensure threat response practices are integrated across the full technology stack
  • Security Architecture for AI & Emerging Platforms
  • Define the security architecture for PennEngineering’s AI-powered application portfolio, including data access controls, model governance, prompt safety, and auditability for agentic systems
  • Evaluate and advise on security posture for new platforms, tools, and third-party integrations as the technology portfolio evolves
  • Partner with the Principal Systems Architect and AI engineering teams to embed security requirements into solution designs from the earliest stages
  • Stay current on emerging threats relevant to AI systems, cloud-native architectures, and manufacturing/industrial environments, and translate findings into actionable architectural guidance

Requirements

  • 8+ years of experience in cloud security, DevSecOps, or security engineering, with at least 3 years in an architect-level role
  • Deep expertise in AWS cloud architecture and security services, including IAM, Security Hub, GuardDuty, Config, KMS, VPC design, and CloudTrail
  • Proven experience integrating automated security tooling (SAST, SCA, DAST) into modern CI/CD pipelines without degrading deployment velocity
  • Strong scripting and automation skills in Python, Go, or Bash, with the ability to build custom security tools and integrate systems programmatically
  • Experience securing containerized workloads including Docker, Kubernetes, and ECS/EKS deployments
  • Practical knowledge of vulnerability management, threat modeling, incident response, and security operations in a cloud-native environment
  • Demonstrated ability to work as a trusted partner to engineering and product teams, designing security that accelerates rather than blocks delivery
  • Excellent communication skills, including the ability to translate technical security risks into business terms for senior leadership
  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field

Preferred Qualifications

  • Experience defining security architecture for AI/LLM-powered systems, including prompt injection protections, model access controls, output validation, and auditability requirements for agentic applications
  • Hands-on experience operationalizing CrowdStrike and Zscaler in an enterprise environment
  • Familiarity with Model Context Protocol (MCP) and emerging security considerations for tool-use in agentic AI systems
  • Experience in manufacturing, industrial, or complex B2B technology environments
  • Relevant certifications: AWS Security Specialty, CISSP, CCSP, or equivalent
  • Experience contributing to or leading security programs in support of SOC 2, ISO 27001, or similar compliance frameworks
  • Background working in a global organization with multi-region cloud deployments

Similar jobs

Senior DevSecOps Engineer

eSimplicityWashington DC-Baltimore Area· 4 days ago
RemoteEngineeringapply on recruiting.paylocity.com

Senior DevSecOps Engineer

Modern Technology Solutions, Inc. (MTSI)Alexandria, VA· 2 days ago
Engineering$160k–$210k/yrapply on mtsi-va.eightfold.ai