DevSecOps Engineer
Harmony Healthcare IT · South Bend, IN · 1 wk ago
EngineeringFull-time
Responsibilities
- Serve as the liaison between Security and Development teams by facilitating vulnerability management activities, integrating and enhancing automated security scanning within CI/CD pipelines, monitoring compliance with secure development standards, assessing application vulnerability exploitability, false positives, and remediation priority, and coordinating remediation efforts while tracking risk reduction and policy adherence.
- Collaborate with development teams to integrate security into the SDLC. Provide secure coding guidance, perform threat modeling during design phases, and ensure security requirements are addressed from planning through deployment.
- Facilitate and enhance CI/CD security controls through automated scanning, policy enforcement, and secure deployment guardrails.
- Evaluate, deploy, and manage security tools relevant to DevSecOps (static/dynamic code analysis, vulnerability scanners, cloud security platforms, etc.).
- Develop automation scripts and workflows to streamline security tasks such as patch management, intrusion detection, and compliance checks in code.
- Monitor and investigate security alerts across applications and infrastructure, perform initial incident triage and containment, escalate complex issues to SOC and senior security team members, and contribute to post-incident reviews and security improvements. Participate in on-call response as needed.
- Continuously monitor and improve the security posture of systems and DevOps processes, track key security metrics, recommend security enhancements based on emerging threats and best practices, and maintain security documentation aligned with organizational and compliance requirements.
- Work cross-functionally with development, operations, and QA teams to promote secure development practices, facilitate security reviews and stakeholder meetings.
- Manage and promote secure authentication practices, including key management, secrets management, token security, and credential protection, while ensuring compliance with company policies and standards.
Requirements
- Excellent communication skills, both written and spoken
- Strong interpersonal, time management, organizational, problem solving and analysis skills
- Drive to complete project work on time
- Able to effectively prioritize and handle multiple tasks and projects
- Participation in on-call rotation
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity or related field (or equivalent experience)
- ~3-5 years of combined experience in cybersecurity or DevOps, with at least 2+ years focused on DevSecOps or secure DevOps practices
- Experience with application and infrastructure security tools, including SAST/DAST scanners, vulnerability management platforms, SIEM or monitoring systems, etc.
- Experience with Software Composition Analysis (SCA), open-source dependency management, container image security, and software supply chain security practices
- Experience with DevOps technologies, including CI/CD pipelines, Docker, Kubernetes, cloud platforms, Terraform or other Infrastructure as Code (IaC) technologies, automation scripting, and CI/CD security integration is strongly preferred
- Solid understanding of secure software development practices and common application security vulnerabilities
- Familiarity with identity and access management (IAM) concepts and secrets management is a plus
Skills
- Preferred Certifications: Security+, Certified Kubernetes Security Specialist (CKS), or equivalent cybersecurity, cloud security, container security, or DevSecOps certifications
- Industry certifications (e.g., AWS/GCP/Azure security certs) are a plus
- Demonstrated commitment to ongoing professional development and continuing education in cybersecurity, cloud security, application security, or DevSecOps
Benefits
- Speaking and writing English is a requirement for this position
- Must be authorized to work in the United States
- Prolonged periods sitting at a desk and working on a computer
- Must be able to lift up to 15 pounds at times