Director of Application and DevSecOps Security

🕒 May 26

🤠 Texas – Remote

🤠 Texas – Remote

💵 $150.2k - $214.5k / year

⏰ Full Time

🔴 Lead

⛑ DevOps & Site Reliability Engineer (SRE)

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Gainwell Technologies

WebsiteLinkedInAll Job Openings

10,000+ employees

⚕️ Healthcare Insurance

💰 Grant on 2023-06

Healthcare Insurance • Human Services • Healthcare

Gainwell Technologies is the nation’s leading provider of digital and cloud-enabled solutions across the human services and public health ecosystem. With a mission-driven approach, Gainwell serves clients in all 50 U. S. states, focusing on improving health outcomes and delivering intuitive, human-centered experiences. Their comprehensive suite of solutions includes Medicaid Enterprise modernization, data analytics, provider services, and pharmacy solutions, all designed to advance the future of healthcare and enhance community well-being.

📋 Description

• Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives • Build and mature a shift-left security program integrated into CI/CD pipelines • Establish and implement roadmap for API security, including governance, discovery, and runtime protection • Balance governance with enablement by establishing guardrails, reusable patterns, and self‑service security tooling that empower engineering teams • Lead, mentor, and grow a high-performing security engineering team • Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes • Define API security standards including authentication, authorization, rate limiting, and data protection • Drive threat modeling practices across critical applications and services • Partner with engineering and development teams to remediate risks and improve secure design patterns • Embed automated security controls into CI/CD pipelines • Champion developer-first security tooling and workflows • Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices • Measure and improve security posture through pipeline metrics and KPIs • Define and maintain secure SDLC policies, standards, and control frameworks • Establish secure design and architecture requirements for new systems • Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST) • Lead security reviews and design approvals for critical initiatives • Design and implement role-based and just-in-time developer security training programs • Build secure coding guidelines and internal knowledge resources • Drive security awareness and culture across engineering teams • Partner with leadership to ensure adoption and accountability • Define KPIs and KRIs for application and DevSecOps security maturity • Report on risk posture, vulnerabilities, and program effectiveness to executive leadership • Continuously assess and improve tooling, processes, and coverage

🎯 Requirements

• 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps • 5+ years in a leadership or director-level role managing teams • Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security • Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP) • Experience with container security, Kubernetes security, serverless security concepts and delivery • Strong knowledge of modern architectures (microservices, containers, Kubernetes) • Proven experience building security programs and influencing engineering culture

🏖️ Benefits

• Generous, flexible vacation policy • Educational assistance • Comprehensive health benefits • 401(k) employer match • Leadership and technical development academies