DevSecOps Engineer

Overview

The Role The DevSecOps Engineer is a strong technical position which will support the various cloud DevSecOps information security and cybersecurity projects on various project life cycle and maturity assessment. In your security capacity, you may be advising on responding to security incidents, developing detection techniques, supporting SOC2 / HITRUST certification efforts, handling security and compliance requests, testing, and providing feedback. We are seeking an enthusiastic, passionate professional for a DevSecOps Senior Engineer position with established experience with cloud (e.g. AWS, GCP) services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating processes in CI/CD pipeline, implementing SOC2 and/or HITRUST certification efforts, site reliability and general automation. Your skills are broad - implementing cloud solutions for application architectures, scripting, database and other data services and ensuring reliability – and you easily transition between those and handle multiple projects and priorities. Required skills and experience: ● 2-5 years of experience in DevOps, SRE domain ● Experience in developing or administering the security of cloud environments AWS, GCP, etc. ● Practical knowledge of DevOps toolbox: Configuration Management (Ansible, Terraform etc),Containers (Docker, Kubernetes), Continuous Integration & Continuous Delivery (CI/CD) (Jenkins,Github CI), Databases (MongoDB, Postgres) ● Experience in maintaining an ELK (Elasticsearch, Logstash, and Kibana) stack ● Experience in supporting Linux in production environments, working with Unix firewalls, access controls and disk encryption ● Knowledge and understanding of information security legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA) ● Experience working with industry standards or programs such as SOC2, HITRUST is a plus ● Practical knowledge of several security practices in SDLC and supporting it security tools, access control, application security, network security, security architecture and security strategy. ● Good working knowledge of Python ● Healthcare experience a big plus ● Must be able to work independently or with a team, under minimum supervisionWhat you need to know: Additional job details: Responsibilities: ● Partner with the Engineering team to create, implement and apply DevSecOps principles, processes and culture. ● Ensure appropriate security practices are communicated and implemented within their application security programs. Support adherence and awareness of these practices. ● Support SOC2 and/or HITRUST certification efforts. ● Work with the teams with on-boarding to the adopted security tools/technologies. ● Build & support Site Reliability function & participate in building tools to report system KPIs. ● Deliver tasks based on project objectives; technically support projects through to completion. ● Work with teams to bring continuous improvement to DevSecOps processes and tools.

Qualifications

• Bachelor's degree or higher
• DevOps, SRE Domain (3+ years)
• 4+ years of experience in ANY of the following:
  • SOC2
  • HITRUST
  • HIPAA
  • ELK
  • CI/CD
• Are you okay working a hybrid schedule remote/ in office?

Benefits

Company

We are an innovative pharmacy benefits company that works directly with employers and health benefit vendors to provide you and your family with easy to understand pharmacy benefits. We provide personalized medication guidance, with hands-on support from Medication Guides (expert pharmacists and pharmacy technicians) as well as an easy-to-use mobile app to help you manage your medications and see ways to save money. Our mission is to create a significantly better medication experience for all our members, putting their health and needs first as they navigate the complexity of medications by offering our clinical expertise to them and their trusted providers to save them money and to improve their health. We’re unsatisfied with the status quo in pharmacy benefits management and medication guidance. We know that we can provide an easier and more personalized, cost-effective, and equitable experience for members, while helping our clients--those who provide pharmacy benefits--make a more impactful investment in their members’ health.