Senior DevSecOps Architect
Indexed description
Join us as we build the future in Manufacturing and Engineering!
Perks And Benefits
- PTO, holiday pay, 401K, tuition reimbursement
- Medical, Dental and vision insurance
- Company provided technology including Laptop, necessary monitors and hardware for office and home environments, iPhone, etc.
- Employee Centric Culture
- Continuously assess, harden, and elevate the security posture of PennEngineering's AWS cloud infrastructure, covering both customer-facing platforms and internal enterprise systems
- Design and build custom security tools, frameworks, and policies tailored to protect PennEngineering's internal and external organizational assets
- Own the end-to-end vulnerability management lifecycle, including triage, tracking, prioritization, and automated remediation of identified vulnerabilities and cloud misconfigurations
- Establish a continuous posture improvement program with defined baselines, remediation SLAs, and executive-level reporting on security health
- Architect and implement automated security scanning (SAST, SCA, and DAST), embedded directly into CI/CD pipelines, ensuring checks are high-fidelity and low-latency to support our daily deployment cadence
- Configure pre-commit hooks, pull request checks, and branch protection rules that automatically detect and block secrets, misconfigurations, or vulnerable dependencies before they reach production
- Partner with AI engineering teams to secure AI/LLM workloads within the pipeline, including prompt injection protections, model input/output validation, and agentic system guardrails
- Establish security gate standards and developer-friendly documentation so engineering teams understand what is enforced, why, and how to resolve failures quickly
- Replace manual security audits with automated policy enforcement using infrastructure-as-code tools (Terraform, AWS Config), ensuring non-compliant infrastructure cannot be provisioned
- Build event-driven automation to detect and auto-remediate common security issues in near real-time, reducing mean time to respond across the environment
- Define and maintain security governance standards, including access controls, secrets management, encryption policies, and data classification frameworks
- Establish audit-ready documentation and evidence collection practices to support internal compliance reviews and external assessments
- Maintain the operational security health of PennEngineering's AWS environment, using automation to manage scaling events, configuration drift, and self-healing infrastructure
- Operationalize CrowdStrike and Zscaler telemetry by automating the correlation of security alerts to reduce noise and trigger rapid, automated response workflows
- Define and own security incident response playbooks; lead root-cause analysis and post-incident reviews to drive systemic improvements
- Collaborate with IS, infrastructure, and AI engineering teams to ensure threat response practices are integrated across the full technology stack
- Define the security architecture for PennEngineering's AI-powered application portfolio, including data access controls, model governance, prompt safety, and auditability for agentic systems
- Evaluate and advise on security posture for new platforms, tools, and third-party integrations as the technology portfolio evolves
- Partner with the Principal Systems Architect and AI engineering teams to embed security requirements into solution designs from the earliest stages
- Stay current on emerging threats relevant to AI systems, cloud-native architectures, and manufacturing/industrial environments, and translate findings into actionable architectural guidance
Requirements
WHAT WE ARE LOOKING FOR:
- 8+ years of experience in cloud security, DevSecOps, or security engineering, with at least 3 years in an architect-level role
- Deep expertise in AWS cloud architecture and security services, including IAM, Security Hub, GuardDuty, Config, KMS, VPC design, and CloudTrail
- Proven experience integrating automated security tooling (SAST, SCA, DAST) into modern CI/CD pipelines without degrading deployment velocity
- Hands-on experience with infrastructure-as-code and policy-as-code approaches using Terraform or AWS CDK
- Strong scripting and automation skills in Python, Go, or Bash, with the ability to build custom security tools and integrate systems programmatically
- Experience securing containerized workloads including Docker, Kubernetes, and ECS/EKS deployments
- Practical knowledge of vulnerability management, threat modeling, incident response, and security operations in a cloud-native environment
- Demonstrated ability to work as a trusted partner to engineering and product teams, designing security that accelerates rather than blocks delivery
- Excellent communication skills, including the ability to translate technical security risks into business terms for senior leadership
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field
- Experience defining security architecture for AI/LLM-powered systems, including prompt injection protections, model access controls, output validation, and auditability requirements for agentic applications
- Hands-on experience operationalizing CrowdStrike and Zscaler in an enterprise environment
- Familiarity with Model Context Protocol (MCP) and emerging security considerations for tool-use in agentic AI systems
- Experience in manufacturing, industrial, or complex B2B technology environments
- Relevant certifications: AWS Security Specialty, CISSP, CCSP, or equivalent
- Experience contributing to or leading security programs in support of SOC 2, ISO 27001, or similar compliance frameworks
- Background working in a global organization with multi-region cloud deployments
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search