Director of Application and DevSecOps Security

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

The Director of Application & DevSecOps Security is responsible for leading the organization's strategy and execution of secure software development practices across application security, API security, and DevOps (shift-left) initiatives.

This role establishes and enforces SDLC security policies, defines secure design requirements, and builds scalable training programs to embed security into the engineering culture, ensuring the organization can deliver secure, resilient, and compliant solutions at scale.

This leader partners cross-functionally with Engineering, Product, DevOps, and Risk teams to ensure security is integrated early and continuously throughout the development lifecycle.

Your role in our mission

• Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives.
• Build and mature a shift-left security program integrated into CI/CD pipelines.
• Establish and implement roadmap for API security, including governance, discovery, and runtime protection.
• Balance governance with enablement by establishing guardrails, reusable patterns, and self?service security tooling that empower engineering teams.
• Lead, mentor, and grow a high-performing security engineering team.
• Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes.
• Define API security standards including authentication, authorization, rate limiting, and data protection.
• Drive threat modeling practices across critical applications and services.
• Partner with engineering and development teams to remediate risks and improve secure design patterns.
• Embed automated security controls into CI/CD pipelines.
• Champion developer-first security tooling and workflows
• Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices.
• Measure and improve security posture through pipeline metrics and KPIs.
• Define and maintain secure SDLC policies, standards, and control frameworks.
• Establish secure design and architecture requirements for new systems.
• Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST).
• Lead security reviews and design approvals for critical initiatives.
• Design and implement role-based and just-in-time developer security training programs.
• Build secure coding guidelines and internal knowledge resources.
• Drive security awareness and culture across engineering teams.
• Partner with leadership to ensure adoption and accountability.
• Define KPIs and KRIs for application and DevSecOps security maturity.
• Report on risk posture, vulnerabilities, and program effectiveness to executive leadership.
• Continuously assess and improve tooling, processes, and coverage.

What we're looking for

• 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps.
• 5+ years in a leadership or director-level role managing teams.
• Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security.
• Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or Google Cloud Platform).
• Experience with container security, Kubernetes security, serverless security concepts and delivery.
• Strong knowledge of modern architectures (microservices, containers, Kubernetes).
• Proven experience building security programs and influencing engineering culture.

What you should expect in this role

• Fully Remote Opportunity - Work from anywhere in the U.S.
• Minimal Travel Required - Occasional travel opportunities (0-20%).
• Video cameras must be used during all interviews, as well as during the initial week of orientation.

The deadline to submit applications for this posting is June 5, 2026.

The pay range for this position is $150,200.00 - $214,500.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Gainwell Technologies defines "wages" and "wage rates" to include "all forms of pay, including, but not limited to, salary, overtime pay, bonuses, stock, stock options, profit sharing and bonus plans, life insurance, vacation and holiday pay, cleaning or gasoline allowances, hotel accommodations, reimbursement for travel expenses, and benefits.