DevSecOps Engineer

About The Position

Requirements

• Requires a bachelor's degree or equivalent combination of education and experience that would provide the knowledge to perform such work.
• Experience must include a minimum of 3 years experience in a support & operations or design & engineering role in any of the following areas: access management or network security technologies, servers, networks, Network communications, telecommunications, operating systems, middleware, disaster recovery, collaboration technologies, hardware/software support or other infrastructure services role.
• Requires experience providing top-tier support for 3 or more of the information security technology areas: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.

Nice To Haves

• Technical security certifications (e.g. CISSP, HCISPP, GIAC, AWS Certified Security, Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer and Certified Kubernetes Administrator) preferred.
• BA/BS degree in Information System and Computer Science or related field of study strongly preferred.
• Hands-on experience with CI/CD tools (e.g., GitLab CI/CD) and integrating security tools.
• Experience with cloud security tools and services (e.g., AWS Config, GuardDuty, Azure Security Center).
• Knowledge of container security (Docker, Kubernetes), IaC (Terraform, Ansible), and secrets management (e.g., HashiCorp Vault, AWS Secrets Manager).
• Automation experience in advanced automation delivery software and languages (e.g., Ansible, Terraform) for application deployments.

Responsibilities

• Work with key teams to maintain and secure our cloud environments. Support department in any cloud platform need. Define and monitor Quality Assurance (QA) standards for department.
• Integrate security tools and practices (SAST, DAST, SCA) into CI/CD pipelines to detect and remediate vulnerabilities early in the SDLC.
• Collaborate with development, IT, and compliance teams to implement secure infrastructure-as-code (IaC) and DevSecOps standards.
• Design and maintain secure cloud infrastructure, primarily on AWS/Azure/GCP, aligned with HIPAA, PCI and other compliance/security requirements.
• Automate security controls, compliance checks, and threat detection systems across environments.
• Provides system and network architecture support for information and network security technologies.
• Provides technical support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies; represents major upgrades and reconfigurations in change control.
• Design & analyze mix of vendor services meeting business and information security requirements; maintains relationship with key vendors; leads lights on initiatives to consolidate equipment and/or implement business relocations.
• Determine and perform complex configuration changes to meet business and information security requirements; perform capacity analysis; recommend and implement capacity increases.
• Serve as the technical escalation for results of preventative maintenance routines; supervise preventative maintenance; represents infrastructure security support in significant projects and performs the most complex operations and administration tasks.
• Respond to level 3 & 4 change and problem requests without supervision; lead level 1 & 2 incident recoveries and root cause analysis.

Benefits

• Merit increases
• Paid holidays
• Paid Time Off
• Incentive bonus programs
• Medical, dental, vision benefits
• Short and long term disability benefits
• 401(k) + match
• Stock purchase plan
• Life insurance
• Wellness programs
• Financial education resources