Overview
We are CONNECTING HEALTH AND WEALTH.
Come be part of remarkable.
How you can make a difference
HealthEquity is looking for a Sr DevSecOps Engineer to Join our team.
you will play a crucial role in enhancing our security posture and ensuring the seamless integration of security practices into our DevOps processes.
You will work collaboratively with cross-functional teams to implement and maintain security measures across our software development lifecycle, with a specific focus on securing APIs. The ideal candidate will possess a strong background in both security and DevOps, with a passion for implementing robust and scalable security solutions.
What you’ll be doing
Security Integration:
Collaborate with development and operations teams to integrate security best practices into the entire software development lifecycle, with a specific emphasis on securing APIs. Implement security controls and measures at each stage of the DevOps pipeline, ensuring API security is a fundamental component. API Security:
Conduct thorough security assessments and reviews of APIs to identify and remediate potential vulnerabilities. Implement and enforce API security policies, authentication, and authorization mechanisms. Automation and Orchestration:
Develop and maintain automated security processes and tools to identify and remediate API-related vulnerabilities. Implement and manage security orchestration for incident response and threat detection in the context of APIs. Continuous Monitoring:
Establish and maintain continuous security monitoring systems specifically designed for APIs, detecting and responding to security incidents in real-time. Conduct regular security assessments and audits of APIs to ensure ongoing compliance. Incident Response:
Lead and participate in incident response activities related to API security, including investigation, analysis, and resolution of security incidents. Develop and maintain incident response playbooks and procedures specific to API security incidents. Collaboration and Training:
Collaborate with development and operations teams to enhance API security awareness and knowledge. Provide guidance and mentorship to junior members of the DevSecOps team, emphasizing API security best practices. What you will need to be successful
Bachelor's degree in Computer Science, Information Technology, or related field. Proven experience (6+ years) as a DevSecOps Engineer or in a similar role. In-depth knowledge of security best practices and industry standards, especially in the context of API security. Understanding and hands on experience with Cloud platforms Understanding and hands on experience with DevSecOps and DevOps tools Experience with making the nuanced threat and risk assessments Experience with NIST, SOX, HIPAA, SOC2, PCI and other compliance and regulatory schemas Experience building repeatable/reusable security processes and frameworks Hands-on experience with DevOps tools and practices (e.g., CI/CD, containerization, infrastructure as code). Automation, scripting, and business intelligence experience a must (Powershell, Python, PowerBI, Tableau, and API configuration experience) required. Strong understanding of cloud security principles (AWS, Azure). Certifications such as CISSP, CISM, are a plus. #LI-Remote
This is a remote position.
Salary Range
$103500.00 To $165500.00 / year
Benefits & Perks
The compensation range describes the typical minimum or maximum base pay range for this position.
The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location.
This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:
Medical, dental, and vision HSA contribution and match Dependent care FSA match Uncapped paid time off Adventure accounts Paid parental leave 401(k) match Personal and healthcare financial literacy programs Ongoing education & tuition assistance Gym and fitness reimbursement Wellness program incentives