OpenLoop is a telehealth support solutions company co-founded by Dr. Jon Lensing and Christian Williams, aiming to bring care anywhere. They are seeking a Staff Security Engineer (DevOps Integrations) to act as a DevSecOps subject matter expert, overseeing security practices and ensuring compliance throughout the development lifecycle.
Responsibilities:
- Build relationships with developers and stakeholders to incorporate security principles into engineering design and deployments
- Supervise validation of security controls and testing across projects, using SAST, DAST, IAST and RASP tools; document security findings, outline remediation options and oversee mitigation
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications
- Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads
- Lead continuous product and application security reviews, focused on secure development practices, threat modeling, vulnerability management, architecture and application security design
- Ensure security principles and validations are consistently implemented throughout the CI/CD pipeline by embedding robust, security-focused practices into all automation processes
- Attend and participate in product meetings addressing security requirements for new and existing products
- Build services and tools to enable developers and engineers to use security components successfully
- Simplify the automation that integrates security tooling with CI/CD pipelines
- Support the ability to 'shift left' and incorporate security early on and throughout the development lifecycle
- Communicate vulnerability results to both technical and non-technical stakeholders, focused on risk tolerance and the threat to the business, to gain support through persuasive messaging
- Leverage vulnerability database sources to understand each weakness, its likelihood of exploitation and the remediation options supplied by vendors
- Collaborate with teams to provision security principles in architecture, infrastructure and code
- Regularly research and learn new tactics, techniques and procedures (TTPs)
- Partner with teams to define key performance indicators (KPIs) and metrics across business units
- Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes
- Other duties as assigned
Requirements:
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent
- 7+ years of security and systems administration-related experience, to include 3+ years of related cloud and security engineering experience
- Experience with operations and security across Amazon Web Services (AWS) and/or Google Cloud Platform (GCP)
- Experience with agile workflows, including Scrum and Kanban
- Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)
- Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices
- Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation
- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the secure software development lifecycle (SDLC)
- Knowledge of Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards and Technology (NIST) or International Organization for Standardization (ISO) requirements
- Self-starter mentality requiring minimal supervision
- Analytical and problem-solving abilities with a proactive, risk-based approach
- Highly organized and efficient
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen
- Strong internal-service mindset, providing support to all teams and leadership
- Adaptability to handle dynamic and challenging environments
- Energetic and resourceful, with the work intensity appropriate to get the work done
- Strong people acumen and relationship skills
- Experience in healthcare or digital health is a plus