Security DevOps (DevSecOps) Engineer

San Mateo, CA
Technology – Engineering
Full-time
The Company

WithMe Health provides a medication guidance solution that replaces legacy Pharmacy Benefit Managers (PBMs) by using modern technology and rich datasets to consistently apply proven science and create individualized experiences for employees and their families. WithMe Health’s solution is unlike any other medication guidance solution in the market today: it is proactive, adaptive, convenient, and engaging. And WithMe Health’s innovative, outcomes-oriented business model aligns interests across the pharmaceutical value chain, optimizing health outcomes while substantially reducing costs for employers. The company was formed in 2018 to address the growing challenges and unmet needs that employers and employees face with legacy PBMs: misaligned business models, frustrating interactions, unknown outcomes, high costs, and a lack of real transparency. Having recently closed a $20 million round of financing from Oak HC/FT, WithMe Health is poised for significant growth while disrupting the $453 billion PBM industry and is looking to build out its team to help achieve this growth.

The Role

The Security DevOps (DevSecOps) Engineer is a strong technical position which will support the various cloud and on-premise Security DevOps (DevSecOps) information security and cybersecurity projects on various project life cycle and maturity assessment. As a Security DevOps Engineer, you may be advising on responding to security incidents, developing detection techniques, leading SOC2 / HITRUST certification efforts, handling security and compliance requests, testing, and providing feedback. We are seeking an enthusiastic, passionate professional for a DevSecOps Senior Engineer position with established experience with cloud (e.g. AWS, Azure, GCP) services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating security processes in CI/CD pipeline, SOC2 and/or HITRUST certification efforts, and general automation. This role will help to design, implement, and support cloud and end point solutions and processes. Your skills are broad - implementing cloud and on-premise solutions for application architectures, scripting, database and other data services – and you easily transition between those and handle multiple projects and priorities.  

Responsibilities

    • Partner with Engineering team leads to create, implement and apply DevSecOps principles, processes and culture.
    • Advocate for and ensure appropriate security practices are communicated and implemented within their application security programs.
    • Support adherence and awareness of these practices.
    • Lead SOC2 and/or HITRUST certification efforts.
    • Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
    • Assist  teams with on-boarding to the adopted security tools/technologies. 
    • Deliver tasks based on project objectives; technically support projects through to completion.
    • Work with teams to bring continuous improvement to DevSecOps processes and tools. 

Qualification and Experience

    • Bachelor’s degree in Computer Science, Engineering, or related field or equivalent work experience.
    • More than 5 years of experience in Security DevOps, DevSecOps domain.
    • Experience in developing or administering the security of cloud environments Azure, AWS, GCP, etc.
    • Practical knowledge of DevOps toolbox: Configuration Management (Ansible, Terraform etc), Containers (Docker, Kubernetes), Continuous Integration & Continuous Delivery (CI/CD) (Jenkins, Github CI), Databases (MongoDB, PostgreSGQL) 
    • Experience in maintaining an ELK (Elasticsearch, Logstash, and Kibana) stack.
    • Experience in supporting Linux in production environments, working with Unix firewalls, access controls and disk encryption.
    • Experience working with industry standards or programs such as SOC2, HITRUST.
    • Knowledge and understanding of information security legal and regulatory requirements, such as Health Insurance Portability and Accountability Act (HIPAA).
    • Practical knowledge of several security practices in SDLC and supporting it security tools, access control, application security, network security, security architecture and security strategy.
    • Good working knowledge of Python
    • Healthcare experience a big plus.
    • Must be able to work independently or with a team, under minimum supervision.
There are many reasons to come work for us but we’ll just list a few:
Highly competitive pay
80% employer-paid health coverage
401(k) plan eligible day 1
Medical memberships
Paid life insurance
8 weeks’ parental leave for primary caregiver
Flex spending
Results-only work environment
Generous vacation policy  

What does all that mean? It means we want you to be successful and fulfilled; to be happy and to grow. We are trying hard to be one of the best places to work and we pride ourselves on doing more for our people. We have some amazing people here and are excited to talk to you more about joining us. Are you ready? 

WithMe is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures.