Job Description
This DevSecOps role is foundational to our engineering department. We aren’t looking for just another DevOps hand—we need a Security Guardian who understands that reliable software must first be secure, especially when handling Protected Health Information (PHI). You will own the full security lifecycle of our platform, turning complex regulatory requirements (like HIPAA) into simple, automated, and ironclad engineering solutions.
This is where technical mastery meets legal compliance. If you thrive on bridging the gap between rapid development cycles and critical healthcare regulations, this role is for you.
What You Will Own:
– Define and enforce our approach to handling PHI, making HIPAA adherence a non-negotiable part of every system we build or update.
– Build robust CI/CD pipelines that aren’t just deploy code; they automatically inject security checks—from vulnerable scanning to compliance verification and ensuring least-privilege access at every single step.
– Lead design and code reviews, proactively identifying architectural weak points or compliance risks before they become problems in production.
– Keep our core platforms running smoothly by continually hardening them, establishing security baselines, and maintaining thorough documentation to ensure we are always audit-ready.
