Aledade4mo ago

Staff Security Engineer (DevSecOps)

BethesdaRemotelead

EngineeringSecuritySecurity EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

The Staff Security Engineer will be responsible for designing, implementing, and maintaining security services that support our business.

Technical Tools

EngineeringSecuritySecurity EngineerCybersecurity

The Staff Security Engineer will be responsible for designing, implementing, and maintaining security services that support our business. You will understand data and automation are important ingredients to our mission and know how to actively employ these ingredients at scale. Beyond the technical expertise, we value individuals who can partner cross-functionally across various teams, driving impactful outcomes and further securing our digital landscape.

Lead the development, implementation, and ongoing maintenance of comprehensive security strategies and solutions.

Design and deploy advanced security controls to safeguards networks, systems, and applications.

Work across disciplines to shape our security services strategy and execution

Mentor and galvanize new engineers to do their best work

Set and uphold the standard for security processes to support high-quality engineering

BS/BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, 10 years security domain experience without degree

8+ years of experience in software or security engineering within Cloud Native environments

Experience architecting, developing, and deploying large-scale distributed systems at scale

Experience with cloud technologies, e.g., AWS, Azure, GCP

Experience building continuous integration and continuous development (CI/CD) pipelines

Strong familiarity with server-side web technologies (eg: Java, Python, Scala, C#, C++, Go)

4+ years of experience acting as a trusted technical decision-maker in a team setting, solving for short-term and long-term business value

Experience with health-tech systems, like Electronic Health Records, Clinical data, etc.

Domain Specific Experience

Dev Security Ops

Led security architecture reviews for enterprise-scale systems including microservices architectures, data platforms (Databricks, Snowflake), and cloud-native applications, identifying and mitigating security risks before implementation.

Established Infrastructure Security as Code practices including automated security policy enforcement, drift detection, and infrastructure vulnerability scanning integrated into Pulumi deployment workflows

Established security review processes and governance frameworks with standardized security requirements, risk assessment methodologies, and security architecture decision records (ADRs) integrated into SDLC workflows

Developed security automation and tooling documentation including security scanner integration guides, vulnerability management procedures, and security monitoring runbooks for DevSecOps teams

Collaborated with platform and infrastructure teams to design secure CI/CD pipelines, container security strategies, and Kubernetes security policies with automated compliance validation and reporting

Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.