Job Description

JOB OVERVIEW: DeliverHealth is seeking an experienced Senior DevSecOps Engineer to join our team. As a SeniorDevSecOps Engineer, you will integrate security best practices into our DevOps workflows, ensuring the development, deployment, and operation of secure and reliable applications. You will collaborate with development, security, GRC, and operations teams to build automated, scalable, and secure solutions for our infrastructure and applications. You will own the HITRUST evidence gathering process for DevOps. This employees job duties require access to covered information. The employee is subject to additional screening. This designation shall be reviewed at least annually. JOB DUTIES & RESPONSIBILITIES Design, implement, and maintain security controls in CI/CD pipelines to enable secure development and delivery practices. Develop and maintain automation scripts/tools to detect and remediate vulnerabilities in infrastructure and code. Collaborate with development teams to identify security risks, conduct threat modeling, and ensure secure architecture design. Implement scanning tools (e.g., SAST, DAST, container scanning) and address vulnerabilities in code, dependencies, and infrastructure. Secure cloud infrastructure (e.g., AWS, Azure, GCP) using tools such as IAM, security groups, and network policies. Conduct risk assessments and security audits to ensure compliance with industry standards and regulations. Collaborate with cross-functional teams to integrate security best practices into development and operations processes. Implement and manage security controls across Microsoft Office 365, Defender Suite, Intune, and Azure environments. Coordinate closely with GRC team on HITRUST controls, evidence gathering, and developing best practices for certification in tight time frames. Assist in incident response, root cause analysis, and remediation of security incidents. Ensure adherence to security frameworks and regulations (e.g., HIPAA, HITRUST). Deploy and monitor security tools, ensuring real-time visibility into potential threats and risks. Provide guidance on security policies, procedures, and best practices. Assist in the development and implementation of a comprehensive GRC program. Participate in on-call rotations to provide 24/7 support for critical systems. All DeliverHealth employees must follow the organization’s privacy and information security policies, processes, and standards. There are no exceptions to this expectation. QUALIFICATIONS 5+ years of experience in DevOps, Information Security, or related field. Hands-on experience with security tools such as SonarQube, Microsoft Defender or similar. Proficiency in one or more scripting/programming languages (e.g. Powershell, Python, Bash, C#, Java). Expertise in securing cloud environments (AWS, Azure, or GCP). Strong knowledge of CI/CD tools like GitHub Actions, Jenkins , or Azure DevOps with integrated security checks. Experience with IaC tools (e.g., Terraform, CloudFormation, Ansible, Powershell DSC) and their security considerations. Deep understanding of securing containers and orchestration platforms (Docker, ECS, Azure Containers, or Kubernetes). Familiarity with security frameworks and standards such as OWASP, NIST, CIS Benchmarks. Knowledge of penetration testing, secure coding practices, and encryption technologies. Familiarity with monitoring and logging solutions, such as Datadog, Azure Monitor, AWS CloudWatch, Zabbix, or ELK stack.