Principal TPM, DevSecOps

Prescryptive Health, Inc.•Washington, DC

About The Position

Prescryptive is the healthcare technology company enabling the direct access marketplace for prescription drugs. Our platform aligns incentives so affordability, choice, and patient access become the natural outcome of a functioning system. Learn more about us by following us on LinkedIn or visiting Prescryptive.com. About this role We're looking for a Principal TPM to own the strategy and delivery of our secure software supply chain — shaping how security is built into our platforms, not bolted on after the fact. This is not a coordination role. You'll have real ownership over strategy, architecture decisions, and outcomes, working alongside engineers and security architects to measurably improve how we deliver secure software at scale. You'll drive cross-functional programs spanning security engineering, platform engineering, and product development, partnering with engineering leadership to design systems that make the secure path the easy path. If you're energized by hard problems at the intersection of speed and security, and ready to set direction rather than follow it, this role was built for you. The ideal candidate has operated at the intersection of software engineering and security, speaks fluently in both CI/CD pipelines and risk frameworks, and has a track record of turning ambiguous security mandates into well-defined, executable programs.

Requirements

Technical credibility. You've worked in or alongside software or infrastructure engineering. You understand CI/CD pipelines, cloud security architecture (AWS, Azure, or GCP), IaC (Terraform, Ansible, or CloudFormation), and security tooling well enough to earn trust from senior engineers — not just facilitate their conversations.
Program management at scale. You've led large, ambiguous, multi-team programs from definition through delivery. You're comfortable with dependency mapping, risk registers, and milestone accountability across organizations with competing priorities.
Influence without authority. You know how to align teams that don't report to you, build consensus across organizational boundaries, and drive change in environments where security isn't always the top priority.
Executive presence. You make complex technical risk legible to non-technical stakeholders and can hold your own in architecture discussions with senior engineers in the same meeting.
8+ years in technical program management, software engineering, DevOps, or security engineering — with at least 3–4 years at the principal or staff level
Demonstrated impact leading security programs at scale — spanning 5+ engineering teams or 200+ engineers — with measurable outcomes such as reduced vulnerability remediation time, improved audit pass rates, or accelerated security review cycles

Nice To Haves

Hands-on engineering background strongly preferred
Relevant certifications a plus: CISSP, CCSP, AWS/Azure/GCP Security Specialty, SAFe Program Consultant

Responsibilities

Own the DevSecOps roadmap. Define and execute the strategy for integrating security across our SDLC — SAST, DAST, dependency scanning, secrets detection, container security — ensuring controls are comprehensive without becoming delivery bottlenecks.
Lead complex, cross-functional programs. Manage a portfolio of interdependent security and infrastructure initiatives. Map dependencies, hold delivery cadences accountable, and escalate the right things at the right time.
Build paved roads. Design shared pipeline templates, hardened base images, and reusable IaC modules that embed security as a default — reducing cognitive load on developers and eliminating per-team reinvention of compliance.
Own risk and compliance. Maintain a clear view of technical security risk across your portfolio. Keep teams continuously audit-ready against relevant frameworks (SOC 2, ISO 27001, HIPAA, HITRUST) through automation, not heroics.
Communicate across all levels. Translate security risk into business language for executives, and compliance requirements into engineering priorities for teams. You should be equally effective in a sprint review and a leadership risk briefing.