Open Positions

OBJECTIVES OF ENGAGEMENT: The primary objective of this engagement is to serve as an IT Business Analyst for PDMP projects. The individual will need to: Plan and facilitate requirement sessions with stakeholders to understand and capture requirements based on enhancement requests. Comfortable working with various internal and external stakeholders. Possess strong analytical, critical thinking and problem-solving skills. Produce all necessary deliverables and artifacts as defined by the project. Plan and facilitate other project related meetings as needed. Serve as the liaison between the technical teams and stakeholders during the Software Development Life Cycle (SDLC). Ability to drive the process forward and ensure all risks and issues are escalated appropriately. Possess strong understanding of IT Business Analysis Body of Knowledge (BABOK). The IT Business Analyst is a Senior level resource with specialized knowledge and experience in requirements analysis and documentation, test case planning and testing, coordinating communications and project tasks, while acting as liaison between customer program areas and IT teams. This position will work with business analysts, application developers, and DBAs to achieve project objectives - delivery dates, cost objectives, quality objectives, and program area customer satisfaction objectives. The position is responsible for: Drive identification of requirements across business units and identify substandard systems processes through evaluation of real-time data. Construct workflow charts and diagrams; studying system capabilities and writing specifications. Serve as thought leader for technical business processes, developing forward-thinking systems prototypes that promote increased efficiency and productivity on multiple levels. Perform, evaluate, and communicate thorough quality assurance at every stage of systems development. Determine and develop user requirements for systems in production, to ensure maximum usability. Work with testing team to provide SME inputs to the testers and assist in testing when needed. Assist with development of training documentation and prepare for and/or conduct training when needed. Maintain documentation on project SharePoint site Experience conducting Facilitated Workshops for requirements analysis. Knowledge of formal requirements gathering methodologies. Experience developing Business Requirements - project initiation document, what the needed achievements will be, and the quality measures. Experience developing Functional requirements - describe what the system, process, or product/service must do in order to fulfill the business requirements. Experience developing User (stakeholder) requirements - are a very important part of the deliverables, the needs of the stakeholders will have to be correctly interpreted. This deliverable can also reflect how the product will be designed, developed, and define how test cases must be formulated. Experience developing Quality-of-service (QoS) (non-functional) requirements - requirements that do not perform a specific function for the business requirement but are needed to support the functionality. For example: performance, scalability, QoS, security and usability. Experience developing Requirements Traceability Matrix - a cross matrix for recording the requirements through each stage of the requirements gathering process. Strong organization and writing skills. Experience developing graphic representations of complex business processes. Ability to analyze data and perform statistical analysis. Experience working with users to develop and implement improved business processes. Experience determining issues within a system and conveying them in both written and verbal form. Acts as the liaison for the PDMP and the system vendor to communicate PDMP system issues identified by the Commonwealth and its users. Uses legislation and prior experience to act as a Subject Matter Expert to guide and influence the growth of PDMP system. Acts as the lead tester of the PDMP on behalf of the Commonwealth by conducting system testing and developing user acceptance test scripts. Reviews test results performed by PDMP and other Commonwealth staff.

This position provides IT support and administrative service to the PDMP project managers to support the PDMP System. Telework is permitted on Mondays, Tuesdays, Thursdays, and Fridays. Staff will be required to report onsite on Wednesdays

Work Location: Hybrid with two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050). Schedule can be discussed during interview. Work hours: 8AM to 5PM (hourlong lunch) Start date can be ID'd upon after compliant PATCH and PSDC-related clearance has been processed and approved. This req is available to candidates nationwide, but candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc.. Role contingent on compliant PATCH and passing PSDC/CJIS background checks. Required Experience: Seven years of relevant experience Description The Public Safety Delivery Center (PSDC) is seeking a Cloud Engineer to support the PSDC Solutions Management Group. This role will work primarily with the PSDC enterprise team and will focus on designing, developing, implementing, and supporting cloud-native solutions in Microsoft Azure and Amazon Web Services (AWS). The ideal candidate will bring strong hands-on experience in cloud engineering, application modernization, workload migration, and DevOps-enabled delivery. Candidates must be able to demonstrate direct personal experience performing this work in prior projects and engagements. Experience limited to general team participation will not be sufficient. This role also requires the ability to support applied AI solution patterns, including GPT model integration, prompt engineering, and enterprise use cases such as summarization, semantic search, and intelligent chatbot capabilities. Role Description Design, develop, implement, and support cloud-native applications, services, and APIs using technologies such as .NET, .NET Core, containers, Python, and related tools, as appropriate to the solution. Design, implement, and support secure, scalable, and reliable solutions in Azure and AWS environments. Deploy and manage cloud infrastructure and platform services in support of application modernization, integration, and enterprise solution delivery. Support cloud migration, integration, and modernization efforts across a range of PSDC business processes. Work with Azure services such as App Service, Service Bus, API Management, Logic Apps, Azure Functions, Azure SQL Managed Instance, Azure SQL Database, Blob Storage, File Storage, and Table Storage. Work with Azure infrastructure and networking components such as Virtual Machines, Virtual Networks, Network Security Groups, VPN Gateway, and ExpressRoute. Work with AWS services such as EC2, S3, VPC, Lambda, and RDS in support of secure and reliable cloud solutions. Support containerization and orchestration using technologies such as Docker, Kubernetes, AWS ECS, Azure AKS, Azure Container Apps, and similar platforms. Support CI/CD pipelines and DevOps practices using tools such as Azure DevOps, GitHub, Artifactory, and NuGet. Apply software engineering, software architecture, SDLC, and data management practices throughout the delivery lifecycle. Contribute to technical solution design, implementation planning, engineering analysis, and related business and technical review activities. Apply knowledge of networking and infrastructure concepts, including DNS, Active Directory, firewalls, load balancers, and virtual networking. Support GPT-enabled solution capabilities, including prompt engineering, intelligent chatbots, document summarization, semantic search, and related business use cases. Apply awareness of token usage, cost management, performance optimization, content filtering, and compliance considerations when deploying GPT-based solutions in production cloud environments, including government and public safety contexts. Background Check: This position requires an in-depth background check, including fingerprinting, and requires successful results. Do you accept this requirement? Availability and Hybrid Work: Are you available to work in a hybrid model and commit to on-site presence as required by the team?

***This requisition's PO is funded through 6/30/26, so use that date in the RTR. Contract end date is dependent on the final schedule and projected needs. Additional funding would then last a year and occur from 7/1/26-6/30/27.*** ***Do not resubmit candidates from previously released req # 777897.*** Work Location: Hybrid with two days onsite (1920 Technology Parkway, Mechanicsburg, PA 17050). Schedule can be discussed during interview. Work hours: 8AM to 5PM (hourlong lunch) Start date can be ID'd upon after compliant PATCH and PSDC-related clearance has been processed and approved. This req is available to candidates nationwide, but candidate must be ready to relocate for this hybrid position (60% remote vs. 40% onsite). Candidate must go onsite on their first day to pick up commonwealth-issued equipment, badging, etc.. Role contingent on compliant PATCH and passing PSDC/CJIS background checks. PSDC (Public Safety Delivery Center) requires the services of a Senior DevSecOps Engineer to act as consultant with the PSDC Solutions Management group. Role summary Hands-on security automation for AWS delivery. Build secure-by-default CDK constructs and CloudFormation templates, wire them into CI/CD, and enforce compliance checks that map to CJIS and NIST. Azure support is a future consideration, not a core day-one duty. Scope boundaries - Does not own enterprise AWS Organizations or SCP operations. - Designs and builds reference guardrails and enforcement patterns that can be deployed by enterprise teams. - Focuses on preventive controls and compliance automation, not incident response. What you will deliver First 90 days - Pipeline security templates in GitHub Actions and Azure DevOps with SAST, SCA, IaC, container, and secret scanning gates. - Compliance as code in reference accounts: AWS Config rules and Security Hub standards aligned to CJIS and NIST 800-53, with exceptions workflow documented. - IaC reference modules using AWS CDK and CloudFormation for IAM least privilege, KMS, Secrets Manager, logging, and network baselines; Terraform equivalents provided where teams require them. - Evidence exports tying checks to control IDs and producing auditor-ready artifacts. Ongoing - Harden CDK/CFT modules and pipeline templates as compliance needs evolve. - Coach pilot teams to adopt templates. - Raise gaps to enterprise teams for org-level enforcement. Day-to-day responsibilities - Author and maintain AWS CDK constructs and CloudFormation templates; provide Terraform versions as secondary. - Implement AWS Config conformance, Security Hub standards, and GuardDuty routing in reference accounts. - Wire scanning in CI/CD for app code, containers, and IaC. - Create reusable GitHub/Azure DevOps templates with enforcement gates and exception handling. - Generate posture and evidence reports mapped to CJIS and NIST controls. Required skills - 5+ years AWS security automation and DevOps. - Strong with AWS CDK and CloudFormation; working proficiency in Terraform. - CI/CD authoring in GitHub Actions and Azure DevOps. - Proficient in Python and Bash, with PowerShell for Windows automation. - Able to read Java and C# to integrate and tune SAST/SCA. - Practical knowledge of CJIS and NIST 800-53 control families and how to automate checks and evidence. Nice to have - EKS/ECS/Lambda hardening patterns. - OPA/Conftest, Checkov, Trivy, Inspector, CodeQL or equivalent. - Basic Azure security automation for future phases. Decision rights Independent on design and build within standards; proposes guardrails and reference patterns; escalates enterprise-wide changes.