Commonwealth of PA / OA (PSDC) requires the services of a TAS1 A4 SC3 to act as a Senior DevSecOps Engineer.
Work Location: Hybrid with two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050). Schedule can be discussed during interview.
Work hours: 8AM to 5PM (hour-long lunch)
Start date can be identified after compliant PATCH and PSDC-related clearance has been processed and approved.
This req is available to candidates nationwide, but candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc. Role contingent on compliant PATCH and passing PSDC / CJIS background checks.
PSDC (Public Safety Delivery Center) requires the services of a Senior DevSecOps Engineer to act as consultant with the PSDC Solutions Management group.
Role summary
Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
Scope boundaries
What you will deliver
First 90 days
Ongoing
Day-to-day responsibilities
Required skills
Nice to have
Decision rights
Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.
Required / Desired Skills
Skill | Required / Desired | Amount of Experience
5+ years AWS security automation and DevOps | Required | Years
Strong with AWS CDK and CloudFormation; working proficiency in Terraform | Required
CI/CD authoring in GitHub Actions and Azure DevOps | Required
Proficient in Python and Bash, with PowerShell for Windows automation | Required
Able to read Java and C# to integrate and tune SAST / SCA | Required
Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence | Required
EKS / ECS / Lambda hardening patterns | Nice to have
OPA / Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent | Nice to have
Basic Azure security automation for future phases | Nice to have
Questions
No. | Question
Question1 | Background Check: This position requires an in-depth background check, including fingerprinting, and requires successful results. Do you accept this requirement?
Question2 | The vendor rate for this position is $$.$$. Is this understood?
Question3 | Where does your candidate currently reside?
Question4 | Resume-wise, please do not include filler material (e.g. describing a company's core capabilities / description). Please only include relevant info (e.g. what was done at the job / project). Is this reflected in the resume?
Question5 | Inaccurate responses to the skills above will result in your company being omitted from future PSDC requisitions. The skills (and applicable experience) must also be explicitly referenced in the candidate resume. Have you confirmed that the responses to the skills above are accurate and reflect the actual experience the candidate possesses?
Question6 | Do you understand, and will abide by, the provision in your subcontract with OST that it is PROHIBITED for government equipment to be taken or used outside of the United States by your contractors? The consequences of this occurring can and will result in repercussions to you, the prime vendor, regardless if the candidate works for a sub-vendor of yours. It will also result in immediate termination of the contractor, and make them ineligible for rehire in the program.