Principal DevSecOps Engineer

Description

Location: This position is located at our Dublin, OH campus, but we are open to remote candidates.

We're on a mission to make healthcare simpler and more effective. We fight to ensure our members get the care they need, when they need it, at the most affordable cost - that's why we call ourselves Healthcare Warriors™. We're committed to building diverse and inclusive teams, so if you're excited about this position, we encourage you to apply - even if your experience doesn't match every requirement.

The Security DevOps Lead will be a leader for the next generation of security automation at Quantum Health. This is both a hands-on and leadership position. You will prioritize and detail Security DevOps projects, then lead engineering in implementation. Identify gaps in security relating to the platform and CICD pipeline and propose solutions to remediate.

What you'll do

• Help define DevSecOps roadmap and priorities.
• Communicate program's benefits and progress with executive stakeholders.
• Be a security leader for the organization, mentoring and teaching security principles and practices to Application Development and Platform Engineers.
• Mentor & teach DevOps and DevSecOps engineers relevant security topics
• Evaluate and prioritize security across projects, based on risk, cost, and business goals
• Perform Security Reviews of AWS Cloud Architecture & Implementations
• Lead the Security Architecture and Planning functions
• Integrate security tools into CD/CD Pipelines.
• Secure CI/CD Pipelines built with GitHub Actions & Flux.
• Automate Application & Container security using Snyk, Sonar, and other tools.
• Provide security expertise to platform and application development teams.
• Design secure TLS Certificate Management Strategies
• Automate other tasks using GitHub Actions, C#, Bash Scripts.

What you'll bring

• Bachelor's degree and/or 8+ years' relevant work experience.
• Experience as a Lead Software Engineer, SRE, or DevOps Engineer.
• Ability to translate security goals into concrete engineering projects and tasks.
• Application Security experience (SAST and/or DAST)
• Experience developing CICD Pipelines. (GitHub Actions, GitLab CICD, Circle CI, Travis CI, etc)
• Experience integrating Security Tools into CICD Pipelines. (SAST, DAST, SCA, Container Scan)
• Experience securing Containers and K8s/Kubernetes infrastructure.
• Ability to articulate security principles & practices to other technical stakeholders and provide guidance as to "why & how" a principle, tool, or technique is important.
• Interest in learning new technologies, security tools, techniques, and approaches.
• Trustworthy and accountable behavior, capable of viewing and maintaining confidential information daily.
• Nice-to-have: SRE, Ops or SysAdmin experience
• Nice-to-have: SecOps / SEIM or Incident Response experience.

What's in it for you

• Compensation: Competitive base pay, incentive plans and employee referral bonuses.
• Coverage: Health, vision and dental featuring our best-in-class healthcare navigation services, along with life insurance, legal and identity protection, adoption assistance, EAP, Teladoc services and more.
• Retirement: 401(k) plan with up to 4% employer match and full vesting on day one.
• Balance: Paid Time Off (PTO), 7 paid holidays, parental leave, volunteer days, paid sabbaticals, and more.
• Development: Tuition reimbursement up to $5,250 annually, certification/continuing education reimbursement, discounted higher education partnerships, paid trainings and leadership development.
• Culture: Recognition as a Best Place to Work for 15+ years, dedication to diversity, philanthropy and sustainability, and people-first values that drive every decision.
• Environment: A modern workplace with a casual dress code, open floor plans, full-service dining, free snacks and drinks, complimentary 24/7 fitness center with group classes, outdoor walking paths, game room, notary and dry-cleaning services and more! Check out our home: https://youtu.be/xRnbvCW_YgA

What you should know

• Internal Associates: Already a Healthcare Warrior? Apply internally through Jobvite.
• Process: Application > Phone Screen > Online Assessment(s) > Interview(s) > Offer > Background Check
• Diversity, Equity and Inclusion: Quantum Health welcomes everyone. We value our diverse team and suppliers, we're committed to empowering our ERGs, and we're proud to be an equal opportunity employer.
• Agencies: Quantum Health does not accept unsolicited resumes or outreach from third-parties. Absent a signed MSA and request/approval from Talent Acquisition to submit candidates for a specific requisition, we will not approve payment to any third party.
• Sponsorship: Applicants must be legally authorized to work in the United States on a permanent and ongoing future basis without requiring sponsorship.

#LI-KT1 #LI-Hybrid

Note: Compensation information published by job boards are estimates and not verified by Quantum Health. Details surrounding compensation will be disclosed throughout the interview process. Compensation offered is based on the candidate's unique combination of experience and qualifications related to the position.