We are seeking a DevSecOps Engineer to join our growing platform team. In this role, you will play a key part in securing platforms that handle sensitive patient health information (PHI) and ensuring compliance with healthcare regulatory standards. You’ll embed security practices into our DevOps pipelines, strengthen our security posture, and help us meet the highest standards of privacy and trust in healthcare.

You will work closely with engineering, compliance, and data teams to implement secure-by-design principles, threat modeling, and risk analysis, and SAST/DAST testing, while supporting preparation for audits and regulatory filings.

Responsibilities

• Integrate security controls into CI/CD pipelines and development workflows.

• Conduct threat modeling and identify potential risks across applications and infrastructure.

• Perform risk analysis and track security metrics to measure and improve security posture.

• Implement automated SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) for code and applications.

• Manage and maintain Software Bill of Materials (SBOMs) for applications and services.

• Support preparation of regulatory compliance documentation (HIPAA, SOC2, ISO 27001).

• Collaborate with developers to remediate vulnerabilities and improve application security.

• Monitor and respond to security events, incidents, and compliance requirements.

• Drive a security-first culture across engineering and operations teams.

• Ensure secure configuration and compliance of cloud services (AWS, Azure, or GCP).

Requirements

• 3+ years of experience in DevSecOps, Cloud Security, or related fields.

• Hands-on experience with CI/CD tools (GitLab CI, Jenkins, GitHub Actions, etc.).

• Strong knowledge of containerization and orchestration (Docker, Kubernetes).

• Familiarity with cloud platforms (AWS, Azure, or GCP) and their security models.

• Experience with security tools, including SAST/DAST tools (Snyk, Checkmarx, Veracode, Aqua, Trivy, Twistlock, etc.).

• Proficiency in scripting languages (Python, Bash, Go, etc.).

• Understanding of healthcare compliance frameworks including HIPAA, as well as ISO 27001 and SOC2.

• Experience with threat modeling, risk assessments, and compliance-driven reporting.

Nice to have

• Experience with secrets management (HashiCorp Vault, AWS Secrets Manager).

• Exposure to SIEM, log management, and monitoring solutions.

• Background in healthcare, life sciences, or other compliance-heavy industries.

• Certifications such as CISSP, HCISPP, CKS, AWS Security Specialty, or similar.

1. Initial Screening (30 minutes) – Brief conversation to review background, experience, and interest.

2. Take-Home Assignment & Presentation – Create a presentation based on the provided scenario and present it to the platform team.

3. Meeting with Director of Platform – Discuss motivation, technical approach, and security strategy.

4. HR Interview & Offer Discussion – Review benefits, culture fit, and finalize employment offer.

Why join us?

• Work on cutting-edge healthcare technology with a direct impact on compliance and security.

• Collaborative and growth-focused engineering culture.

• Competitive salary and professional development support.

• Flexible work arrangements (office/remote).