Senior DevSecOps Architect

At PennEngineering, we innovate and collaborate to make the world a better place. You can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every employee that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.

We are seeking a Senior Developer Security Architect who is responsible for building and operating the security architecture that enables PennEngineering’s engineering teams to ship code safely at high velocity. This is a hands-on leadership role: part architect, part builder, part platform engineer.

As PennEngineering’s AI application portfolio grows, including AI-powered workflows, agentic systems, and customer-facing digital platforms, this role will play a critical part in establishing the security architecture and governance frameworks that allow those systems to operate reliably, safely, and at enterprise scale.

Join us as we build the future in Manufacturing and Engineering!

Perks And Benefits

- PTO, holiday pay, 401K, tuition reimbursement
- Medical, Dental and vision insurance
- Company provided technology including Laptop, necessary monitors and hardware for office and home environments, iPhone, etc.
- Employee Centric Culture

What You Will Do

Cloud Security Posture & Remediation

- Continuously assess, harden, and elevate the security posture of PennEngineering's AWS cloud infrastructure, covering both customer-facing platforms and internal enterprise systems
- Design and build custom security tools, frameworks, and policies tailored to protect PennEngineering's internal and external organizational assets
- Own the end-to-end vulnerability management lifecycle, including triage, tracking, prioritization, and automated remediation of identified vulnerabilities and cloud misconfigurations
- Establish a continuous posture improvement program with defined baselines, remediation SLAs, and executive-level reporting on security health

Pipeline Security & CI/CD Integration

- Architect and implement automated security scanning (SAST, SCA, and DAST), embedded directly into CI/CD pipelines, ensuring checks are high-fidelity and low-latency to support our daily deployment cadence
- Configure pre-commit hooks, pull request checks, and branch protection rules that automatically detect and block secrets, misconfigurations, or vulnerable dependencies before they reach production
- Partner with AI engineering teams to secure AI/LLM workloads within the pipeline, including prompt injection protections, model input/output validation, and agentic system guardrails
- Establish security gate standards and developer-friendly documentation so engineering teams understand what is enforced, why, and how to resolve failures quickly

Automated Governance & Policy-as-Code

- Replace manual security audits with automated policy enforcement using infrastructure-as-code tools (Terraform, AWS Config), ensuring non-compliant infrastructure cannot be provisioned
- Build event-driven automation to detect and auto-remediate common security issues in near real-time, reducing mean time to respond across the environment
- Define and maintain security governance standards, including access controls, secrets management, encryption policies, and data classification frameworks
- Establish audit-ready documentation and evidence collection practices to support internal compliance reviews and external assessments

Cloud Operations & Threat Response

- Maintain the operational security health of PennEngineering's AWS environment, using automation to manage scaling events, configuration drift, and self-healing infrastructure
- Operationalize CrowdStrike and Zscaler telemetry by automating the correlation of security alerts to reduce noise and trigger rapid, automated response workflows
- Define and own security incident response playbooks; lead root-cause analysis and post-incident reviews to drive systemic improvements
- Collaborate with IS, infrastructure, and AI engineering teams to ensure threat response practices are integrated across the full technology stack

Security Architecture for AI & Emerging Platforms

- Define the security architecture for PennEngineering's AI-powered application portfolio, including data access controls, model governance, prompt safety, and auditability for agentic systems
- Evaluate and advise on security posture for new platforms, tools, and third-party integrations as the technology portfolio evolves
- Partner with the Principal Systems Architect and AI engineering teams to embed security requirements into solution designs from the earliest stages
- Stay current on emerging threats relevant to AI systems, cloud-native architectures, and manufacturing/industrial environments, and translate findings into actionable architectural guidance

Location

Danboro, PA

WHAT WE ARE LOOKING FOR:

- 8+ years of experience in cloud security, DevSecOps, or security engineering, with at least 3 years in an architect-level role
- Deep expertise in AWS cloud architecture and security services, including IAM, Security Hub, GuardDuty, Config, KMS, VPC design, and CloudTrail
- Proven experience integrating automated security tooling (SAST, SCA, DAST) into modern CI/CD pipelines without degrading deployment velocity
- Hands-on experience with infrastructure-as-code and policy-as-code approaches using Terraform or AWS CDK
- Strong scripting and automation skills in Python, Go, or Bash, with the ability to build custom security tools and integrate systems programmatically
- Experience securing containerized workloads including Docker, Kubernetes, and ECS/EKS deployments
- Practical knowledge of vulnerability management, threat modeling, incident response, and security operations in a cloud-native environment
- Demonstrated ability to work as a trusted partner to engineering and product teams, designing security that accelerates rather than blocks delivery
- Excellent communication skills, including the ability to translate technical security risks into business terms for senior leadership
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field

Preferred Qualifications

- Experience defining security architecture for AI/LLM-powered systems, including prompt injection protections, model access controls, output validation, and auditability requirements for agentic applications
- Hands-on experience operationalizing CrowdStrike and Zscaler in an enterprise environment
- Familiarity with Model Context Protocol (MCP) and emerging security considerations for tool-use in agentic AI systems
- Experience in manufacturing, industrial, or complex B2B technology environments
- Relevant certifications: AWS Security Specialty, CISSP, CCSP, or equivalent
- Experience contributing to or leading security programs in support of SOC 2, ISO 27001, or similar compliance frameworks
- Background working in a global organization with multi-region cloud deployments