DevSecOps Integration Engineer

3 hours ago

🌾 Iowa – Remote

Although this job is listed in Iowa, this company may be open to hiring remote in other states.

⏰ Full Time

🟠 Senior

🔴 Lead

💻 Solutions Engineer

Apply Now

Receive Emails with Similar Jobs

OpenLoop

WebsiteLinkedInAll Job Openings

Healthcare Insurance • Telecommunications • SaaS

OpenLoop is a company dedicated to supporting and enhancing telehealth services. They offer comprehensive solutions designed to streamline virtual care delivery, including provider staffing, a technology platform, payer coverage, licensing, credentialing, and practice management. OpenLoop's services cater to both early-stage and established telehealth providers, as well as brick-and-mortar clinics looking to expand into telehealth. They have a vast network of clinicians, extensive insurance plan coverage, and operate across all 50 states, supporting a wide range of specialties and languages. Their offerings include white-label solutions and custom integrations to improve telehealth implementation and delivery.

51 - 200 employees

⚕️ Healthcare Insurance

📡 Telecommunications

☁️ SaaS

📋 Description

• OpenLoop is looking for a DevSecOps Integration Engineer to join our team remotely or at our HQ in Des Moines, IA. • You will be responsible for being our DevSecOps subject matter expert across the IT, software engineering and product teams. • Build relationships with developers and stakeholders to incorporate security principles into engineering design and deployments. • Supervise validation in security controls and testing across projects, using SAST, DAST, IAST and RASP tools, documenting any security findings, outlining remediation options and overseeing mitigation. • Oversee implementation of defensive practices and countermeasures across infrastructure and applications. • Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads. • Lead continuous product and application security reviews, focused on secure development practices, threat modeling, vulnerability management, architecture and application security design. • Ensure security principles and validations are consistently implemented throughout the CI/CD pipeline by embedding robust, security-focused practices into all automation processes. • Attend and participate in product meetings addressing security requirements for new and existing products. • Build services and tools to enable developers and engineers to use security components successfully. • Simplify automation that applies security inter-workings with CI/CD pipelines. • Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle. • Communicate vulnerability results to both technical and non-technical stakeholders, focused on risk tolerance and threat to the business, in order to gain support through influential messaging. • Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors. • Join forces and provision security principles in architecture, infrastructure and code. • Regularly research and learn new tactics, techniques and procedures (TTPs). • Partner with teams to define key performance indicators (KPIs) and metrics across business units. • Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes. • Other duties as assigned.

🎯 Requirements

• Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent. • 7+ years of security and systems administration-related experience, to include 3+ years of related cloud and security engineering experience • Experience with operations and security across Amazon Web Services (AWS) and/or Google Cloud Platform (GCP). • Experience with agile workflows, including Scrum and Kanban. • Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes). • Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices. • Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation. • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and (SLDC). • Knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements. • Self-starter mentality requiring minimal supervision. • Analytical and problem-solving abilities with a proactive, risk-based approach. • Highly organized and efficient. • Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen. • Experience in healthcare or digital health is a plus. • Strong internal service minded, to provide support to all teams and leadership • Adaptability to handle dynamic and challenging environments. • Energetic, resourceful, and appropriate work intensity to get the work done. • Strong people acumen and relationship skills.

🏖️ Benefits

• Health insurance • Professional development opportunities • Flexible working hours