openloophealth - Staff Security Engineer (DevOps Integrations)
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent. • 7+ years of security and systems administration-related experience, to include 3+ years of related cloud and security engineering experience • Experience with operations and security across Amazon Web Services (AWS) and/or Google Cloud Platform (GCP). • Experience with agile workflows, including Scrum and Kanban. • Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes). • Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices. • Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation. • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and (SLDC). • Knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements. • Self-starter mentality requiring minimal supervision. • Analytical and problem-solving abilities with a proactive, risk-based approach. • Highly organized and efficient. • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen. • Experience in healthcare or digital health is a plus. • Strong internal service minded, to provide support to all teams and leadership • Adaptability to handle dynamic and challenging environments. • Energetic, resourceful, and appropriate work intensity to get the work done. • Strong people acumen and relationship skills. • We have a relatively flat organizational structure here at OpenLoop. Everyone is encouraged to bring ideas to the table and make things happen. This fits in well with our core values of Autonomy, Competence and Belonging, as we want everyone to feel empowered and supported to do their best work. • Sound like a good fit? We’d love to meet you.
Responsibilities
• Build relationships with developers and stakeholders to incorporate security principles into engineering design and deployments. • Supervise validation in security controls and testing across projects, using SAST, DAST, IAST and RASP tools, documenting any security findings, outlining remediation options and overseeing mitigation. • Oversee implementation of defensive practices and countermeasures across infrastructure and applications. • Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads. • Lead continuous product and application security reviews, focused on secure development practices, threat modeling, vulnerability management, architecture and application security design. • Ensure security principles and validations are consistently implemented throughout the CI/CD pipeline by embedding robust, security-focused practices into all automation processes. • Attend and participate in product meetings addressing security requirements for new and existing products. • Build services and tools to enable developers and engineers to use security components successfully • Simplify automation that applies security inter-workings with CI/CD pipelines. • Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle. • Communicate vulnerability results to both technical and non-technical stakeholders, focused on risk tolerance and threat to the business, in order to gain support through influential messaging. • Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors • Join forces and provision security principles in architecture, infrastructure and code. • Regularly research and learn new tactics, techniques and procedures (TTPs). • Partner with teams to define key performance indicators (KPIs) and metrics across business units. • Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes.
No credit card. Takes 10 seconds.