DevSecOps Engineer (Healthcare Cloud Security & Compliance)

Job Description

Job Summary: We are looking for a DevSecOps Engineer with 4-6 years of experience in Azure DevOps, Infrastructure Automation, and Security Operations (SecOps) to enhance the security, scalability, and compliance of our healthcare cloud platform. This role requires deep expertise in Azure DevOps, infrastructure automation, and compliance-driven security to support a regulated healthcare environment. Key Responsibilities: 1. DevOps Engineering & CI/CD Pipeline Automation Design, implement, and manage CI/CD pipelines using Azure DevOps for automated infrastructure provisioning and application deployments. Automate build, test, and deployment processes using Terraform, ARM Templates, or Bicep. Ensure version-controlled infrastructure as code (IaC) for consistent and repeatable deployments. Optimize CI/CD pipelines for faster, secure, and compliant releases. 2. Infrastructure Setup Using DevOps Platforms Design and deploy scalable Azure cloud infrastructure (VMs, Kubernetes, App Services, Networking, Storage). Implement network security best practices using NSGs, Azure Firewall, Private Link, and VPNs. Manage containerized deployments using Docker & Azure Kubernetes Service (AKS). Monitor and optimize cloud performance, cost, and security using Azure Monitor & Application Insights. 3. CI/CD Pipeline Implementation for Infrastructure & Application Deployment Infrastructure Setup Using CI/CD Pipelines: Automate cloud infrastructure provisioning (VMs, databases, networking) through Terraform, ARM, or Bicep. Implement role-based access control (RBAC) and enforce least privilege access in cloud environments. Application Deployment Using CI/CD Pipelines: Develop zero-downtime deployment strategies using Blue-Green & Canary Deployments. Automate code integration, security scanning, and artifact management. Secure deployments using container scanning and static code analysis. 4. Compliance & Security (HIPAA/SOC 2 Policy Implementation) Contribute to security & compliance policies ensuring adherence to HIPAA, SOC 2, and industry regulations. Implement audit logging, monitoring, and alerting using Microsoft Sentinel (SIEM). Implement data encryption, backup policies, and disaster recovery strategies. Assist in internal security audits and risk assessments. Required Skills & Qualifications: DevOps & Automation Azure DevOps (Pipelines, Artifacts, Release Management) Infrastructure as Code (IaC) Terraform, ARM, Bicep CI/CD Automation – YAML Pipelines, GitHub Actions, Jenkins Container Orchestration – Docker, Kubernetes (AKS) Monitoring & Logging – Azure Monitor, Application Insights Cloud Infrastructure & Security Azure Cloud Services – VMs, Networking, Storage, Azure SQL Identity & Access Management (IAM) – Entra ID, PIM, RBAC Cloud Security Best Practices – Defender for Cloud, SIEM (Microsoft Sentinel) Compliance & Governance Understanding of HIPAA, SOC 2, and cloud security frameworks Experience in policy implementation & security compliance audits