Role Description
The DevSecOps Engineer is responsible for strengthening the organization's security posture by integrating security across the software development lifecycle, DevOps processes, and cloud environments. Serving as a liaison between Security and Development teams, this role facilitates vulnerability management, coordinates remediation efforts, enhances automated security controls within CI/CD pipelines, and promotes secure development practices. The engineer collaborates with development, operations, and QA teams to implement secure-by-design principles, conduct threat modeling, manage DevSecOps security tools, monitor security alerts and incident response activities, and drive continuous security improvements through automation, risk reduction, security metrics, stakeholder engagement, and secure authentication practices.
Qualifications
- Excellent communication skills, both written and spoken
- Strong interpersonal, time management, organizational, problem solving and analysis skills
- Drive to complete project work on time
- Ability to effectively prioritize and handle multiple tasks and projects
- Participation in on-call rotation
Requirements
- Bachelor's degree in Computer Science, Cybersecurity or related field (or equivalent experience)
- ~3-5 years of combined experience in cybersecurity or DevOps, with at least 2+ years focused on DevSecOps or secure DevOps practices
- Experience with application and infrastructure security tools, including SAST/DAST scanners, vulnerability management platforms, SIEM or monitoring systems
- Experience with Software Composition Analysis (SCA), open-source dependency management, container image security, and software supply chain security practices
- Experience with DevOps technologies, including CI/CD pipelines, Docker, Kubernetes, cloud platforms, Terraform or other Infrastructure as Code (IaC) technologies, automation scripting, and CI/CD security integration is strongly preferred
- Solid understanding of secure software development practices and common application security vulnerabilities
- Familiarity with identity and access management (IAM) concepts and secrets management is a plus
- Preferred Certifications: Security+, Certified Kubernetes Security Specialist (CKS), or equivalent cybersecurity, cloud security, container security, or DevSecOps certifications
- Industry certifications (e.g., AWS/GCP/Azure security certs) are a plus
- Demonstrated commitment to ongoing professional development and continuing education in cybersecurity, cloud security, application security, or DevSecOps
Benefits
- Willing and ready to exemplify HHIT's core values on a daily basis
- Responsible for protecting data entrusted to HHIT by customers or other parties by strictly adhering to HHIT's data security and privacy policies and procedures, as well as HIPAA, PIPEDA and all other applicable law
- Speaking and writing English is a requirement for this position
- Must be authorized to work in the United States
Physical Requirements
- Prolonged periods sitting at a desk and working on a computer
- Must be able to lift up to 15 pounds at times