Define and lead the DevSecOps vision and roadmap across infrastructure, application, and CI/CD ecosystems.
Architect secure-by-design cloud-native systems across AWS/GCP environments.
Establish security patterns, guardrails, and reference architectures for engineering teams.
Evaluate and implement modern security tooling across SAST, DAST, SCA, container scanning, IaC scanning, and runtime protection.
Embed security controls into CI/CD pipelines and developer workflows.
Drive infrastructure-as-code security best practices (Terraform, CloudFormation, etc.).
Automate security testing and compliance checks to reduce manual overhead.
Implement policy-as-code and automated governance controls.
Lead identity and access management (IAM) strategy and least-privilege enforcement.
Strengthen container and Kubernetes security posture.
Oversee secrets management, encryption standards, and key management processes.
Partner with infrastructure teams on network segmentation, zero-trust architectures, and environment isolation.
Support and mature Alto’s security program in alignment with HIPAA, SOC 2, HITRUST, and other healthcare regulatory frameworks.
Conduct threat modeling, security design reviews, and architecture risk assessments.
Partner with Security and Compliance teams on audits and remediation efforts.
Provide senior-level leadership during security incidents, including root cause analysis and long-term mitigation planning.
Mentor senior and mid-level engineers on secure coding and DevSecOps practices.
Influence engineering leadership and executive stakeholders on security strategy and risk prioritization.
Drive cross-functional alignment across Engineering, Product, IT, and Compliance.
Raise the overall security maturity of the organization through scalable frameworks and standards.
Requirements
14+ years of experience in software engineering, infrastructure engineering, or security engineering, with significant experience in DevSecOps environments
Deep expertise in cloud security architecture (AWS and/or GCP)
Strong experience securing containerized and Kubernetes-based environments
Hands-on experience with CI/CD systems (GitHub Actions, GitLab CI, CircleCI, Jenkins, etc.)
Expertise in infrastructure-as-code (Terraform, CloudFormation) and securing IaC pipelines
Strong knowledge of application security principles, OWASP Top 10, and secure coding practices
Experience implementing and scaling SAST, DAST, SCA, container scanning, and secrets detection tools
Deep understanding of IAM, RBAC, zero-trust models, and encryption best practices
Experience with observability platforms and integrating security telemetry into monitoring systems (preferred)
Tech Stack
AWS
Cloud
Google Cloud Platform
Jenkins
Kubernetes
Python
Ruby
Terraform
Go
Benefits
dental, vision, and multiple group medical plans to choose from
a 401(k) retirement savings plan
group life insurance
accidental death and dismemberment (AD&D) insurance
flexible spending account (FSA) and health savings account (HSA)
commuter benefits
employer-paid short-term (STD) and long-term disability (LTD) insurance
additional supplemental insurance plans (spouse life insurance, legal insurance, an employee assistance program, home health testing kits, and a fertility medication discount program)
flexible vacation time
accrued paid sick time
10 paid holidays
2 floating holidays for full-time non-exempt employees
eight weeks of paid parental leave for eligible employees