I looked around for something to do this but couldn't find anything so I started working on a format that will allow for the structured packaging of a series of drush calls. These digestible calls can be chained together or reference each other to form a type of recipe much like chef does; just specific to drush.
Right now the PoC is a JSON array but the format and structure of this animal is up for debate. I'm looking for this to be generalizable and useful to as many systems as possible. This can be hooked into Jenkins / other control systems (since its drush) or executed as a stand alone call (again since its drush). Themes, modules, install profiles, drush plugins, drush home directory, and custom sites/all/drecipes/ (libraries style) are all valid locations for seeking out .drecipe formatted files.
A draft is in the following sandbox and is working. It provides two example .drecipe files that can be invoked to issue a series of calls against a site. The update status one is a simple one and the security hardening one is a more complex, go get modules as well as call the admin update recipe.
Feedback much appreciated: https://www.drupal.org/sandbox/btopro/2299951