Apply on Employer Site

OpenLoop · 1 day ago

DevSecOps Integration Engineer

United States

Full-time

Remote

Senior Level

7+ years exp

OpenLoop is looking for a DevSecOps Integration Engineer to join their team remotely or at their HQ in Des Moines, IA. In this role, you will be responsible for being the DevSecOps subject matter expert across IT, software engineering, and product teams, providing strategic oversight and guiding through potential security issues.

Health CareIT InfrastructureMedicalService IndustryTelehealth

Responsibilities

Build relationships with developers and stakeholders to incorporate security principles into engineering design and deployments

Supervise validation in security controls and testing across projects, using SAST, DAST, IAST and RASP tools, documenting any security findings, outlining remediation options and overseeing mitigation

Oversee implementation of defensive practices and countermeasures across infrastructure and applications

Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads

Lead continuous product and application security reviews, focused on secure development practices, threat modeling, vulnerability management, architecture and application security design

Ensure security principles and validations are consistently implemented throughout the CI/CD pipeline by embedding robust, security-focused practices into all automation processes

Attend and participate in product meetings addressing security requirements for new and existing products

Build services and tools to enable developers and engineers to use security components successfully

Simplify automation that applies security inter-workings with CI/CD pipelines

Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle

Communicate vulnerability results to both technical and non-technical stakeholders, focused on risk tolerance and threat to the business, in order to gain support through influential messaging

Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors

Join forces and provision security principles in architecture, infrastructure and code

Regularly research and learn new tactics, techniques and procedures (TTPs)

Partner with teams to define key performance indicators (KPIs) and metrics across business units

Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes

Other duties as assigned

Qualification

DevSecOps expertiseCloud security engineeringAWSGCPCI/CD security practicesContainer orchestrationVulnerability managementRegulatory complianceAnalytical skillsRelationship skillsProblem-solving abilitiesCommunication

Required

Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent

7+ years of security and systems administration-related experience, to include 3+ years of related cloud and security engineering experience

Experience with operations and security across Amazon Web Services (AWS) and/or Google Cloud Platform (GCP)

Experience with agile workflows, including Scrum and Kanban

Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)

Proficient in securing Windows and ix operating systems, endpoint applications, networking protocols and devices

Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation

Understanding of OWASP, CVSS, the MITRE ATT&CK framework and (SLDC)

Knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements

Self-starter mentality requiring minimal supervision

Analytical and problem-solving abilities with a proactive, risk-based approach

Highly organized and efficient

Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen

Strong internal service minded, to provide support to all teams and leadership

Adaptability to handle dynamic and challenging environments

Energetic, resourceful, and appropriate work intensity to get the work done

Strong people acumen and relationship skills

Preferred

Experience in healthcare or digital health is a plus

Company

OpenLoop

OpenLoop is the nation’s top white-label digital health infrastructure provider, powering virtual care delivery for healthcare organizations, employers, retailers, and consumer brands.

Founded in 2020

Des Moines, Iowa, USA

201-500 employees