Key skills
AWSCloudGoogle Cloud PlatformJenkinsKubernetesPythonRubyTerraformGoGCPGoogle CloudGitHub ActionsGitLab CICloudFormationCircleCIIAMGitHubGitLabCI/CDLeadershipOWASPCloud Security
About this role
Role Overview
- Define and lead the DevSecOps vision and roadmap across infrastructure, application, and CI/CD ecosystems.
- Architect secure-by-design cloud-native systems across AWS/GCP environments.
- Establish security patterns, guardrails, and reference architectures for engineering teams.
- Evaluate and implement modern security tooling across SAST, DAST, SCA, container scanning, IaC scanning, and runtime protection.
- Embed security controls into CI/CD pipelines and developer workflows.
- Drive infrastructure-as-code security best practices (Terraform, CloudFormation, etc.).
- Automate security testing and compliance checks to reduce manual overhead.
- Implement policy-as-code and automated governance controls.
- Lead identity and access management (IAM) strategy and least-privilege enforcement.
- Strengthen container and Kubernetes security posture.
- Oversee secrets management, encryption standards, and key management processes.
- Partner with infrastructure teams on network segmentation, zero-trust architectures, and environment isolation.
- Support and mature Alto’s security program in alignment with HIPAA, SOC 2, HITRUST, and other healthcare regulatory frameworks.
- Conduct threat modeling, security design reviews, and architecture risk assessments.
- Partner with Security and Compliance teams on audits and remediation efforts.
- Provide senior-level leadership during security incidents, including root cause analysis and long-term mitigation planning.
- Mentor senior and mid-level engineers on secure coding and DevSecOps practices.
- Influence engineering leadership and executive stakeholders on security strategy and risk prioritization.
- Drive cross-functional alignment across Engineering, Product, IT, and Compliance.
- Raise the overall security maturity of the organization through scalable frameworks and standards.
Requirements
- 14+ years of experience in software engineering, infrastructure engineering, or security engineering, with significant experience in DevSecOps environments
- Deep expertise in cloud security architecture (AWS and/or GCP)
- Strong experience securing containerized and Kubernetes-based environments
- Hands-on experience with CI/CD systems (GitHub Actions, GitLab CI, CircleCI, Jenkins, etc.)
- Expertise in infrastructure-as-code (Terraform, CloudFormation) and securing IaC pipelines
- Strong knowledge of application security principles, OWASP Top 10, and secure coding practices
- Experience implementing and scaling SAST, DAST, SCA, container scanning, and secrets detection tools
- Deep understanding of IAM, RBAC, zero-trust models, and encryption best practices
- Experience operating in regulated environments (HIPAA, SOC 2, HITRUST, PCI, etc.)
- Strong scripting or programming skills (Python, Go, Ruby, or similar)
- Demonstrated ability to influence architectural decisions at a Staff or Principal level
- Experience in healthcare, pharmacy, fintech, or other highly regulated industries (preferred)
- Experience building DevSecOps programs from early-stage to scale (preferred)
- Background in site reliability engineering (SRE) or platform engineering (preferred)
- Security certifications such as CISSP, CISM, CCSP, or cloud security certifications (AWS/GCP) (preferred)
- Experience implementing threat modeling frameworks (STRIDE, PASTA, etc.) (preferred)
- Experience with observability platforms and integrating security telemetry into monitoring systems (preferred)
Tech Stack
- AWS
- Cloud
- Google Cloud Platform
- Jenkins
- Kubernetes
- Python
- Ruby
- Terraform
- Go
Benefits
- dental, vision, and multiple group medical plans to choose from
- a 401(k) retirement savings plan
- group life insurance
- accidental death and dismemberment (AD&D) insurance
- flexible spending account (FSA) and health savings account (HSA)
- commuter benefits
- employer-paid short-term (STD) and long-term disability (LTD) insurance
- additional supplemental insurance plans (spouse life insurance, legal insurance, an employee assistance program, home health testing kits, and a fertility medication discount program)
- flexible vacation time
- accrued paid sick time
- 10 paid holidays
- 2 floating holidays for full time non-exempt employees
- eight weeks of paid parental leave for eligible employees
- additional paid weeks for the birthing parent
- 4 weeks paid caregiver leave
- a Lifestyle Spending Account allowance each month