My client, a pioneer in Digital Health is looking for a highly skilled and passionate DevSecOps Engineer to join their team on a contract basis, with the potential of going full-time. The ideal candidate will combine a strong background in development, security, and operations to help drive the integration of security practices into the entire software development lifecycle. This role is critical to ensuring that our systems and applications are secure, scalable, and compliant with industry standards, especially in the healthcare sector.
You’ll work closely with cross-functional teams (including Engineering, Product, Security, and Operations) to implement security tools, automate workflows, and ensure that our platforms are built and maintained with security at the forefront.
Key Responsibilities:
-
Secure Development & Operations:
Implement and automate security best practices throughout the entire development and deployment pipeline. Ensure secure coding practices and security controls are in place from development to production. -
Continuous Integration & Continuous Deployment (CI/CD):
Collaborate with developers and IT operations to design and implement CI/CD pipelines that integrate security controls, automated testing, and vulnerability assessments into every stage of the software development lifecycle. -
Cloud Security:
Provide expertise in securing cloud infrastructure across multiple providers (AWS, Azure, GCP) and work closely with cloud engineers to ensure that security measures are integrated into cloud services, infrastructure, and applications. -
Risk Assessment & Mitigation:
Perform regular security audits, vulnerability assessments, and risk analysis. Identify and resolve security threats and vulnerabilities before they can affect production systems. -
Automation & Scripting:
Develop and maintain automation scripts for monitoring and managing security aspects of systems. This includes scripting for automated patch management, vulnerability scanning, and compliance checks using tools like Ansible, Terraform, or similar. -
Incident Management & Troubleshooting:
Lead and assist with troubleshooting security incidents and escalations. Participate in on-call rotations, providing application and infrastructure support for security-related incidents. -
Collaboration & Communication:
Work with various teams (Product, Engineering, IT, and Client Support) to ensure security requirements are understood and integrated into all aspects of product design and deployment. Facilitate cross-functional meetings to track security-related projects and improvements. -
Monitoring & Alerting:
Implement and configure security monitoring tools (SIEM, intrusion detection systems, etc.) to identify suspicious activities. Set up automated alerts to proactively respond to potential security incidents. -
Compliance & Documentation:
Ensure compliance with industry standards, including HIPAA and other regulatory requirements related to security and privacy in healthcare. Maintain security documentation, including security policies, incident reports, and compliance checklists. -
Training & Best Practices:
Educate internal teams on security best practices and assist in implementing security-focused coding guidelines, processes, and workflows across the organization.
Requirements:
- 6+ years of experience in a DevOps or SecOps role, with a focus on secure software development, infrastructure automation, and cloud security.Experience with container security (e.g., container image scanning, Kubernetes security).
-
Strong knowledge of security concepts and frameworks, including risk management, vulnerability assessments, and secure coding practices. Hands-on experience with security tools like vulnerability scanners, SIEM, firewalls, and intrusion detection systems (IDS).
-
Deep understanding of securing cloud infrastructure (AWS, Azure) and experience with securing containerized environments (e.g., Kubernetes, Docker).
-
Proficiency in scripting languages (e.g., Python, Bash, PowerShell) and experience with automation tools (e.g., Terraform, Ansible, Jenkins).
-
Experience in implementing CI/CD pipelines with a focus on security integration (e.g., SAST, DAST, and secret management).
-
Knowledge of compliance frameworks such as HIPAA, GDPR, SOC 2, and understanding of data protection and privacy laws in the healthcare sector.
-
Strong communication and collaboration skills to work across teams and ensure that security is integrated at every stage of development and deployment.
Certifications:
- Relevant security certifications, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or CompTIA Security+, are a plus.
- Cloud-related certifications (AWS, Azure, GCP) are highly desirable.
Education:
Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
Preferred Qualifications:
- Familiarity with Infrastructure as Code (IaC) and its security considerations.
- Knowledge of Agile or Scrum methodologies.
- Familiarity with healthcare interoperability standards (FHIR, HL7) is a plus.