DevSecOps Integration Engineer

About The Role

OpenLoop is looking for a DevSecOps Integration Engineer to join our team remotely or at our HQ in Des Moines, IA. 

In this role, you will be responsible for being our DevSecOps subject matter expert across the IT, software engineering and product teams.  The ideal candidate is someone who has the ability to provide strategic oversight, possesses a wide range of cybersecurity and software engineering technical acumen, and has the ability to think like an attacker to guide us through potential security issues.

What You’ll Do:

• Build relationships with developers and stakeholders to incorporate security principles into engineering design and deployments.
• Supervise validation in security controls and testing across projects, using SAST, DAST, IAST and RASP tools, documenting any security findings, outlining remediation options and overseeing mitigation.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
• Lead continuous product and application security reviews, focused on secure development practices, threat modeling, vulnerability management, architecture and application security design.
• Ensure security principles and validations are consistently implemented throughout the CI/CD pipeline by embedding robust, security-focused practices into all automation processes.
• Attend and participate in product meetings addressing security requirements for new and existing products.
• Build services and tools to enable developers and engineers to use security components successfully
• Simplify automation that applies security inter-workings with CI/CD pipelines.
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
• Communicate vulnerability results to both technical and non-technical stakeholders, focused on risk tolerance and threat to the business,  in order to gain support through influential messaging.
• Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors
• Join forces and provision security principles in architecture, infrastructure and code. 
• Regularly research and learn new tactics, techniques and procedures (TTPs).
• Partner with teams to define key performance indicators (KPIs) and metrics across business units.
• Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security controls and processes.
• Other duties as assigned.

Who You Are:

• Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
• 7+ years of security and systems administration-related experience, to include 3+ years of related cloud and security engineering experience 
• Experience with operations and security across Amazon Web Services (AWS) and/or Google Cloud Platform (GCP).
• Experience with agile workflows, including Scrum and Kanban.
• Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes).
• Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and (SLDC).
• Knowledge of Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
• Self-starter mentality requiring minimal supervision.
• Analytical and problem-solving abilities with a proactive, risk-based approach.
• Highly organized and efficient.
• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
• Experience in healthcare or digital health is a plus.
• Strong internal service minded, to provide support to all teams and leadership
• Adaptability to handle dynamic and challenging environments.
• Energetic, resourceful, and appropriate work intensity to get the work done.
• Strong people acumen and relationship skills.