DevSecOps Engineer

Kipu Health

Software Engineering
United States
Posted on May 8, 2024

At Kipu Health, we’re passionate about creating better paths to better patient care. Join us in our work to advance behavioral health care in our communities.

Our innovative solutions support providers in treating addiction, eating disorders and many other behavioral health conditions. Our EMR, CRM and revenue cycle solutions help behavioral health facilities succeed in managing their patients’ entire care journey, but it’s through our people that we truly make a difference.

Job Description/Summary

We are seeking an experienced DevSecOps Engineer to join our team and enhance our security posture across our software development lifecycle. The successful candidate will be responsible for assessing gaps and integrating security best practices in our CI/CD pipelines, infrastructure, and application deployment processes. This role requires a combination of software development, security, and operations expertise to ensure secure and efficient delivery of software products.

Role Responsibilities

  • Security Integration:
    1. Integrate security tools and practices into CI/CD pipelines, including software composition analysis, container security, and continuous compliance monitoring.
    2. Collaborate with the engineering teams to ensure that security is considered throughout the software development lifecycle.
  • Infrastructure as Code (IaC):
    1. Provide expertise concerning best practices for infrastructure as code (IaC), including Identity and Access Management, cloud firewall rules, logging, and encryption in transit and at rest, ensuring that cloud resources remain secure.
    2. Review and assess security of cloud infrastructure and automation scripts.
  • Vulnerability Management:
    1. Identify, assess, and remediate vulnerabilities in code, libraries, and infrastructure.
    2. Collaborate with engineering teams to prioritize and address vulnerabilities based on risk.
  • Secure Configuration:
    1. Ensure that application and infrastructure configurations are secure and adhere to security policies and standards.
    2. Automate secure configuration and deployment practices to ensure consistent, repeatable results.
  • Monitoring and Incident Response:
    1. Tune security alerting tools.
    2. Monitor applications and infrastructure for security incidents using tools such as SIEM, IDS, and EDR.
    3. Develop and implement incident response automation to quickly address security incidents.
  • Automation and Tooling:
    1. Contribute to building and deploying highly scalable and hardened cloud-based autonomous systems to maximize engineering time devoted to innovation.
    2. Develop and maintain automation scripts and tools for security testing, monitoring, and deployment.
    3. Tune security tools including SIEM, CSPM, WAF, and IDS.
    4. Stay up to date with the latest DevSecOps technologies and best practices.
  • Compliance and Auditing:
    1. Ensure that software and infrastructure comply with relevant security standards and regulations (e.g., HITRUST, GDPR, HIPAA, PCI DSS).
    2. Participate in security audits and assessments as needed.
  • Education and Awareness:
    1. Provide training and awareness resources for team members.
  • Teamwork and Ethics:
    1. Perform other job responsibilities as assigned.
    2. Demonstrate a commitment to ethical behavior in all aspects of the role, including decision-making, interactions with colleagues and stakeholders, and handling of sensitive information.

Role Qualifications

  • 3+ years of experience in DevSecOps and/or DevOps.
  • Cloud certifications preferred (e.g., AWS Certified Solutions Architect, AWS Certified DevOps Engineer, Azure DevOps Engineer, Azure Solutions Architect).
  • Experience developing, improving, and operating the deployment and orchestration of complex distributed systems.
  • Experience building, architecting, designing, and implementing cloud platforms and solutions.
  • Expertise with building and deploying infrastructure-as-code using Terraform, CloudFormation, or Ansible.
  • Experience administrating AWS-specific services.
  • Experience with or knowledge of zero-trust architecture systems and best practices.
  • Proficiency in scripting languages such as JSON, Python, Bash, or PowerShell.
  • Experience with CI/CD tools such as Jenkins and/or Azure DevOps.
  • Familiarity with containerization and orchestration technologies such as Docker and Kubernetes.
  • Experience or ability to evaluate, develop, and update a software bill of materials for use by engineers.
  • Ability and enthusiasm to take on new technologies and concepts to integrate them into our security control stack.

Benefits & Compensation

  • Highly competitive salary based on your local market’s compensation data.
  • Unlimited paid time off.
  • 11 Paid Holidays.
  • Health, Dental, Vision, Disability, and Life Insurance.
  • Parental Leave.
  • Pet Insurance.
  • Employee Career Path Program.
  • 401(K) with Company Match.

Kipu Promise

In an environment of rapid change, millions are struggling to cope. Kipu is here to help. Having shaped the industry for 10 years, today we focus on advancing our New Vision for the behavioral health ecosystem, evolving how it operates, interacts, communicates, and heals.

We are an equal opportunity employer and highly value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, gender identity, or disability status.