What are the responsibilities and job description for the PSDC - Senior DevSecOps Engineer position at Willan Technologies?
Engagement Type
Contract
Short Description
Commonwealth of PA/OA (PSDC) requires the services of a TAS1 A4 SC3 to act as a Senior DevSecOps Engineer.
Complete Description
Work Location: Hybrid with two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050). Schedule can be discussed during interview.
Work hours: 8AM to 5PM (hour-long lunch)
Start date can be identified once compliant PATCH and PSDC-related clearance have been processed and approved.
This req is available to candidates nationwide, but the candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite). The candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc. Role contingent on compliant PATCH and passing PSDC/CJIS background checks.
PSDC (Public Safety Delivery Center) requires the services of a Senior DevSecOps Engineer to act as consultant with the PSDC Solutions Management group.
Role summary
Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty.
Scope boundaries
Does not own enterprise AWS Organizations or SCP operations.
Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams.
Focuses on preventive controls and compliance automation, not incident response.
What you will deliver
First 90 days
Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates.
Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented.
IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them.
Evidence exports tying checks to control IDs and producing auditor-ready artifacts.
Ongoing
Harden CDK/CFT modules and pipeline templates as compliance needs evolve.
Coach pilot teams to adopt templates.
Raise gaps to enterprise teams for org-level enforcement.
Day-to-day responsibilities
Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary.
Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts.
Wire scanning in CI/CD for app code, containers, and IaC.
Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling.
Generate posture and evidence reports mapped to CJIS and NIST controls.
Required skills
5 years AWS security automation and DevOps.
Strong with AWS CDK and CloudFormation; working proficiency in Terraform.
CI/CD authoring in GitHub Actions and Azure DevOps.
Proficient in Python and Bash, with PowerShell for Windows automation.
Able to read Java and C# to integrate and tune SAST/SCA.
Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence.
Nice to have
EKS/ECS/Lambda hardening patterns.
OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent.
Basic Azure security automation for future phases.
Decision rights
Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.
Required/Desired Skills
Skill | Required/Desired | Amount of Experience
5 years AWS security automation and DevOps | Required | 5.0 Years
Strong with AWS CDK and CloudFormation; working proficiency in Terraform | Required |
CI/CD authoring in GitHub Actions and Azure DevOps | Required |
Proficient in Python and Bash, with PowerShell for Windows automation | Required |
Able to read Java and C# to integrate and tune SAST/SCA | Required |
Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence | Required |
EKS/ECS/Lambda hardening patterns | Nice to have |
OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent | Nice to have |
Basic Azure security automation for future phases | Nice to have |