Job Description
At PennEngineering, we innovate and collaborate to make the world a better place. You can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every employee that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
We are seeking a Senior Developer Security Architect who is responsible for building and operating the security architecture that enables PennEngineering’s engineering teams to ship code safely at high velocity. This is a hands-on leadership role: part architect, part builder, part platform engineer.
As PennEngineering’s AI application portfolio grows, including AI-powered workflows, agentic systems, and customer-facing digital platforms, this role will play a critical part in establishing the security architecture and governance frameworks that allow those systems to operate reliably, safely, and at enterprise scale.
Join us as we build the future in Manufacturing and Engineering!
PERKS AND BENEFITS:
- PTO, holiday pay, 401K, tuition reimbursement
- Medical, dental and vision insurance
- Company-provided technology including laptop, necessary monitors and hardware for office and home environments, iPhone, etc.
- Employee Centric Culture
WHAT YOU WILL DO:
Cloud Security Posture & Remediation
- Continuously assess, harden, and elevate the security posture of PennEngineering's AWS cloud infrastructure, covering both customer-facing platforms and internal enterprise systems
- Design and build custom security tools, frameworks, and policies tailored to protect PennEngineering's internal and external organizational assets
- Own the end-to-end vulnerability management lifecycle, including triage, tracking, prioritization, and automated remediation of identified vulnerabilities and cloud misconfigurations
- Establish a continuous posture improvement program with defined baselines, remediation SLAs, and executive-level reporting on security health
Pipeline Security & CI/CD Integration
- Architect and implement automated security scanning (SAST, SCA, and DAST), embedded directly into CI/CD pipelines, ensuring checks are high-fidelity and low-latency to support our daily deployment cadence
- Configure pre-commit hooks, pull request checks, and branch protection rules that automatically detect and block secrets, misconfigurations, or vulnerable dependencies before they reach production
- Partner with AI engineering teams to secure AI/LLM workloads within the pipeline, including prompt injection protections, model input/output validation, and agentic system guardrails
- Establish security gate standards and developer-friendly documentation so engineering teams understand what is enforced, why, and how to resolve failures quickly
Automated Governance & Policy-as-Code
- Replace manual security audits with automated policy enforcement using infrastructure-as-code tools (Terraform, AWS Config), ensuring non-compliant infrastructure cannot be provisioned
- Build event-driven automation to detect and auto-remediate common security issues in near real-time, reducing mean time to respond across the environment
- Define and maintain security governance standards, including access controls, secrets management, encryption policies, and data classification frameworks
- Establish audit-ready documentation and evidence collection practices to support internal compliance reviews and external assessments
Cloud Operations & Threat Response
- Maintain the operational security health of PennEngineering's AWS environment, using automation to manage scaling events, configuration drift, and self-healing infrastructure
- Operationalize CrowdStrike and Zscaler telemetry by automating the correlation of security alerts to reduce noise and trigger rapid, automated response workflows
- Define and own security incident response playbooks; lead root-cause analysis and post-incident reviews to drive systemic improvements
- Collaborate with IS, infrastructure, and AI engineering teams to ensure threat response practices are integrated across the full technology stack
Security Architecture for AI & Emerging Platforms
- Define the security architecture for PennEngineering's AI-powered application portfolio, including data access controls, model governance, prompt safety, and auditability for agentic systems
- Evaluate and advise on security posture for new platforms, tools, and third-party integrations as the technology portfolio evolves
- Partner with the Principal Systems Architect and AI engineering teams to embed security requirements into solution designs from the earliest stages
- Stay current on emerging threats relevant to AI systems, cloud-native architectures, and manufacturing/industrial environments, and translate findings into actionable architectural guidance
Qualifications
WHAT WE ARE LOOKING FOR:
- 8+ years of experience in cloud security, DevSecOps, or security engineering, with at least 3 years in an architect-level role
- Deep expertise in AWS cloud architecture and security services, including IAM, Security Hub, GuardDuty, Config, KMS, VPC design, and CloudTrail
- Proven experience integrating automated security tooling (SAST, SCA, DAST) into modern CI/CD pipelines without degrading deployment velocity
- Hands-on experience with infrastructure-as-code and policy-as-code approaches using Terraform or AWS CDK
- Strong scripting and automation skills in Python, Go, or Bash, with the ability to build custom security tools and integrate systems programmatically
- Experience securing containerized workloads including Docker, Kubernetes, and ECS/EKS deployments
- Practical knowledge of vulnerability management, threat modeling, incident response, and security operations in a cloud-native environment
- Demonstrated ability to work as a trusted partner to engineering and product teams, designing security that accelerates rather than blocks delivery
- Excellent communication skills, including the ability to translate technical security risks into business terms for senior leadership
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field
Preferred Qualifications
- Experience defining security architecture for AI/LLM-powered systems, including prompt injection protections, model access controls, output validation, and auditability requirements for agentic applications
- Hands-on experience operationalizing CrowdStrike and Zscaler in an enterprise environment
- Familiarity with Model Context Protocol (MCP) and emerging security considerations for tool-use in agentic AI systems
- Experience in manufacturing, industrial, or complex B2B technology environments
- Relevant certifications: AWS Security Specialty, CISSP, CCSP, or equivalent
- Experience contributing to or leading security programs in support of SOC 2, ISO 27001, or similar compliance frameworks
- Background working in a global organization with multi-region cloud deployments