Candidate must be able to obtain Public Trust clearance and must have lived in the United States for at least three (3) out of the last five (5) years.
Job Summary:
DevSecOps Engineer is responsible for designing, implementing, and maintaining secure CI/CD pipelines, cloud infrastructure, and automation frameworks. The role focuses on integrating security controls, compliance, and monitoring into DevOps processes to support mission-critical healthcare applications and data sharing platforms.
Key Responsibilities:
DevOps & Automation
- Design, implement, and maintain CI/CD pipelines for application and API deployments.
- Automate build, test, security scanning, and deployment processes.
- Manage infrastructure using Infrastructure as Code (IaC) tools (Terraform, CloudFormation, ARM).
- Support containerized environments using Docker and Kubernetes.
- Ensure high availability, scalability, and disaster recovery.
Security Integration (DevSecOps)
- Embed security controls into CI/CD pipelines (SAST, DAST, SCA).
- Implement and maintain container security and image scanning.
- Enforce secrets management, encryption, and key rotation.
- Integrate identity and access management (IAM) with least-privilege principles.
- Conduct vulnerability assessments and support remediation activities.
Cloud & Platform Engineering
- Design and manage secure cloud environment in AWS.
- Implement network security controls (VPCs, firewalls, security groups).
- Monitor system performance, logs, and security events.
- Support API Gateway platforms (e.g., MuleSoft Anypoint Platform).
Compliance & Governance
- Ensure compliance with HIPAA, CMS, FISMA, FedRAMP, and NIST (800-53, 800-171).
- Support ATO processes, audits, and security documentation.
- Implement continuous monitoring and compliance reporting.
- Collaborate with ISSO and security teams on risk assessments.
Collaboration & Agile Support
- Work closely with developers, architects, QA, and security teams.
- Participate in Agile ceremonies and release planning.
- Provide guidance on secure coding and cloud security best practices.
Required Qualifications:
- 4+ years of experience in DevOps or DevSecOps engineering.
- Strong experience with CI/CD tools (Jenkins, GitLab CI, GitHub Actions).
- Hands-on experience with cloud platform AWS.
- Experience with containerization and orchestration (Docker, Kubernetes).
- Knowledge of security tools (Snyk, SonarQube, Aqua, Prisma Cloud, or similar).
Preferred Qualifications:
- Experience supporting federal or healthcare IT programs.
- Experience with API Gateways and MuleSoft.
- Knowledge of FHIR/HL7 healthcare data standards.
- Experience with FedRAMP Moderate/High environments.
- AWS certification preferred, particularly AWS Certified DevOps Engineer – Professional or Solutions Architect – Associate/Professional.
Key Skills:
C-HIT, a CMMI Maturity Level 5 company, focuses on delivering information technology and professional services to Federal and State agencies.
C-HIT is an EOE, including disability and veterans”
Never miss an opportunity! Create an alert based on the job you applied for.
