Company Description:
Harmony Healthcare IT (HHIT) is a data management firm that moves and stores patient, employee, and business records for healthcare organizations. To strengthen care delivery and improve lives, vital information is preserved and managed by HHIT in a way that keeps it accessible, releasable, usable, interoperable, secure, and compliant.
HHIT has established core values for the workplace. This helps to maintain a culture of excellence and provides guidance in our daily work.
HHIT’s core values are:
- Do the right thing
- Be easy to work with
- Exceed expectations
- Serve Humbly
- Never stop improving
Position Summary:
The DevSecOps Engineer is responsible for strengthening the organization's security posture by integrating security across the software development lifecycle, DevOps processes, and cloud environments. Serving as a liaison between Security and Development teams, this role facilitates vulnerability management, coordinates remediation efforts, enhances automated security controls within CI/CD pipelines, and promotes secure development practices. The engineer collaborates with development, operations, and QA teams to implement secure-by-design principles, conduct threat modeling, manage DevSecOps security tools, monitor security alerts and incident response activities, and drive continuous security improvements through automation, risk reduction, security metrics, stakeholder engagement, and secure authentication practices.
Primary Responsibilities:
- Contribution to and assessment of security posture and risk across the company
- Serve as the liaison between Security and Development teams by facilitating vulnerability management activities, integrating and enhancing automated security scanning within CI/CD pipelines, monitoring compliance with secure development standards, assessing application vulnerability exploitability, false positives, and remediation priority, and coordinating remediation efforts while tracking risk reduction and policy adherence.
- Collaborate with development teams to integrate security into the SDLC. Provide secure coding guidance, perform threat modeling during design phases, and ensure security requirements are addressed from planning through deployment.
- Facilitate and enhance CI/CD security controls through automated scanning, policy enforcement, and secure deployment guardrails.
- Evaluate, deploy, and manage security tools relevant to DevSecOps (static/dynamic code analysis, vulnerability scanners, cloud security platforms, etc.).
- Develop automation scripts and workflows to streamline security tasks such as patch management, intrusion detection, and compliance checks in code.
- Monitor and investigate security alerts across applications and infrastructure, perform initial incident triage and containment, escalate complex issues to SOC and senior security team members, and contribute to post-incident reviews and security improvements. Participate in on-call response as needed.
- Continuously monitor and improve the security posture of systems and DevOps processes, track key security metrics, recommend security enhancements based on emerging threats and best practices, and maintain security documentation aligned with organizational and compliance requirements.
- Work cross-functionally with development, operations, and QA teams to promote secure development practices, facilitate security reviews and stakeholder meetings.
- Manage and promote secure authentication practices, including key management, secrets management, token security, and credential protection, while ensuring compliance with company policies and standards.
- Other duties as assigned
Required Skills/Abilities:
- Excellent communication skills, both written and spoken
- Strong interpersonal, time management, organizational, problem solving and analysis skills
- Drive to complete project work on time
- Ability to effectively prioritize and handle multiple tasks and projects
- Participation in on-call rotation
Education & Experience:
- Bachelor’s degree in Computer Science, Cybersecurity or related field (or equivalent experience).
- ~3-5 years of combined experience in cybersecurity or DevOps, with at least 2+ years focused on DevSecOps or secure DevOps practices.
- Experience with application and infrastructure security tools, including SAST/DAST scanners, vulnerability management platforms, SIEM or monitoring systems, etc.
- Experience with Software Composition Analysis (SCA), open-source dependency management, container image security, and software supply chain security practices.
- Experience with DevOps technologies, including CI/CD pipelines, Docker, Kubernetes, cloud platforms, Terraform or other Infrastructure as Code (IaC) technologies, automation scripting, and CI/CD security integration is strongly preferred.
- Solid understanding of secure software development practices and common application security vulnerabilities
- Familiarity with identity and access management (IAM) concepts and secrets management is a plus
- Preferred Certifications: Security+, Certified Kubernetes Security Specialist (CKS), or equivalent cybersecurity, cloud security, container security, or DevSecOps certifications.
- Industry certifications (e.g., AWS/GCP/Azure security certs) are a plus.
- Demonstrated commitment to ongoing professional development and continuing education in cybersecurity, cloud security, application security, or DevSecOps.
Other:
- Willing and ready to exemplify HHIT’s core values on a daily basis
- Responsible for protecting data entrusted to HHIT by customers or other parties by strictly adhering to HHIT’s data security and privacy policies and procedures, as well as HIPAA, PIPEDA and all other applicable law.
- Speaking and writing English is a requirement for this position
- Must be authorized to work in the United States
Physical Requirements:
- Prolonged periods sitting at a desk and working on a computer
- Must be able to lift up to 15 pounds at times