DevSecOps Engineer

Details:

• A+ level priority, exclusive to us
• Location: Remote
• DevSecOps Engineer
• Experience 8+

We are seeking a DevSecOps Engineer with a strong background in healthcare IT to help secure and streamline our software development and deployment processes. This role is critical in ensuring that our systems comply with healthcare regulations such as HIPAA, HITECH/HITRUST, and ISO27001, while maintaining high availability, scalability, and security across our infrastructure.
You will work closely with development, IT operations, and security teams to embed security into every phase of the software development lifecycle, automate compliance checks, and protect sensitive patient data.

Key Responsibilities:

• Maintain secure CI/CD pipelines tailored for healthcare applications.
• Integrate security tools (SAST, DAST, SCA, secrets scanning, etc.) into development workflows.
• Secure hardening using tools such as Terraform, Ansible, or CloudFormation.
• Ensure compliance with healthcare regulations (HIPAA, HITECH, ISO27001, HITRUST).
• Implement and monitor container security (e.g., Docker) in cloud environments.
• Conduct threat modeling and risk assessments for healthcare systems and data flows.
• Collaborate with compliance and legal teams to help align DevSecOps practices with regulatory requirements.
• Monitor and respond to security incidents, vulnerabilities, and audit findings as needed.
• Maintain documentation for security controls, policies, and procedures.

Required Qualifications:

• Information Security or related experience.
• 3+ years of experience in DevOps, Security Engineering, or related roles.
• High School Diploma
• Experience in healthcare IT environments and understanding of PHI/PII data protection.
• Strong knowledge of cloud platforms (AWS/Azure).
• Experience with CI/CD tools (e.g., Jenkins).
• Proficiency in scripting languages (e.g., Python, Bash, Powershell).
• Familiarity with security tools like SonarQube, Checkmarx, Aqua, Scout, Prisma Cloud, or similar.
• Understanding of secure coding practices and OWASP Top 10.

Preferred Qualifications:

• Certifications such as AWS Certified Security, Certified Kubernetes Security Specialist (CKS), CISSP, or HCISPP.
• Experience with infrastructure-as-code security scanning tools (e.g., tfsec, Checkov).
• Knowledge of zero-trust architecture and identity management in healthcare.
• Experience working with EHR systems and related APIs.