DevSecOps Engineer

Job Summary: DevSecOps Engineer is responsible for designing, implementing, and maintaining secure CI/CD pipelines, cloud infrastructure, and automation frameworks. The role focuses on integrating security controls, compliance, and monitoring into DevOps processes to support mission-critical healthcare applications and data sharing platforms.

Key Responsibilities :

DevSecOps & Automation

·         Design, implement, and maintain CI/CD pipelines for application and API deployments.

·         Automate build, test, security scanning, and deployment processes.

·         Manage infrastructure using Infrastructure as Code (IaC) tools (Terraform, CloudFormation, ARM).

·         Support containerized environments using Docker and Kubernetes.

·         Ensure high availability, scalability, and disaster recovery.

Security Integration (DevSecOps)

·         Embed security controls into CI/CD pipelines (SAST, DAST, SCA).

·         Implement and maintain container security and image scanning.

·         Enforce secrets management, encryption, and key rotation.

·         Integrate identity and access management (IAM) with least-privilege principles.

·         Conduct vulnerability assessments and support remediation activities.

Cloud & Platform Engineering

·         Design and manage secure cloud environments like AWS.

·         Implement network security controls (VPCs, firewalls, security groups).

·         Monitor system performance, logs, and security events.

·         Support API Gateway platforms (e.g., MuleSoft Anypoint Platform).

Compliance & Governance

·         Ensure compliance with HIPAA, CMS, FISMA, FedRAMP, and NIST (800-53, 800-171).

·         Support ATO processes, audits, and security documentation.

·         Implement continuous monitoring and compliance reporting.

·         Collaborate with ISSO and security teams on risk assessments.

·         Collaboration & Agile Support

·         Work closely with developers, architects, QA, and security teams.

·         Participate in Agile ceremonies and release planning.

·         Provide guidance on secure coding and cloud security best practices.

Required Qualifications:

·         4 years of experience in DevOps or DevSecOps engineering.

·         Strong experience with CI/CD tools (Jenkins, GitLab CI, GitHub Actions).

·         Hands-on experience with cloud platforms (AWS, Azure, or Google Cloud Platform).

·         Experience with containerization and orchestration (Docker, Kubernetes).

·         Knowledge of security tools (Snyk, SonarQube, Aqua, Prisma Cloud, or similar).

Preferred Qualifications:

·         Experience supporting federal or healthcare IT programs.

·         Experience with API Gateways and MuleSoft.

·         Knowledge of FHIR/HL7 healthcare data standards.

·         Experience with FedRAMP Moderate/High environments.

·         AWS certification preferred, particularly AWS Certified DevOps Engineer – Professional or Solutions Architect – Associate/Professional.

Key Skills:

·         DevSecOps & CI/CD Automation

·         Cloud Security & Infrastructure as Code

·         Container & Kubernetes Security

·         Federal Compliance & ATO Support

·         Monitoring, Logging & Incident Response

·         API Gateway & Integration Platforms

Residency Requirement:

Candidate must be  OR  to obtain Public Trust clearance and must have lived in the United States for at least three (3) out of the last five (5) years.  

Salary & Benefits Information:

The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, and location.

C-HIT offers Healthcare Benefits, Remote Working Options, Paid Time Off, PTO cash-out, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match, Employee Assistance Program, Paid Holidays, and much more perks and Voluntary benefits!  

Employees of C-HIT shall, as an enduring obligation throughout their term of employment, adhere to all information security requirements as documented in company policies and procedures.

C-HIT, a CMMI Maturity Level 5 company, focuses on delivering information technology and professional services to Federal and State agencies.

"C-HIT is an EOE, including disability and veterans”