DevSecOps Engineer

About Rhapsody: 

We all know that our health care system is complicated. Getting data from one provider to another, or from a provider to a health insurance company, is frustrating for virtually everyone. Imagine developing solutions that help make these data transactions easier and faster. That is what we do at Rhapsody; we make interoperability platforms that allow data – such as patient encounter details, lab results, and billing information – to move seamlessly from one system to another. 

While most people will not ever see our products and services during a medical encounter, our interoperability platforms are running behind the scenes. Think of them as the central nervous system helping to move data where it needs to be to improve the patient experience. To learn more about Rhapsody, visit
www.rhapsody.health

If using your expertise in a way that impacts our health care system, patient care, and population health sounds like something you would find rewarding, apply today! 

What we have to offer you:

• Comprehensive benefits package on day 1 (medical, dental, vision, life, disability)
  
• 401k with a generous company match
  
• Unlimited PTO, sick time & volunteer days
  
• An innovative, inclusive, and fun work environment
  
• Continuous learning and development opportunities

This is a hybrid position. Must be able to commute to Boston on Tuesday and Thursday.

About the Role

We’re seeking a Cloud DevSecOps Engineer to strengthen our cloud security program with a strong focus on proactive risk management, compliance readiness, and incident response.

The DevSecOps Engineer works to bridge the gap between development, Operations and Security to foster a culture where security is seamlessly integrated into all aspects of development and operations. You will collaborate closely with our Security Operations Center (SOC) analysts, compliance stakeholders, and DevOps teams to identify risks, drive remediation, support real-time investigations and enhance the overall security posture of the organization

You are expected to bring a proactive approach to security and compliance, have a strong AI aptitude, curiosity and demonstrated interest in exploring AI implementations in improving security operations and compliance workflows. Your critical thinking skills will be key in identifying and mitigating risks to our cloud environment while supporting our focus on innovation.

Key Responsibilities

Cloud Security Integration & CNAPP Operations

• Deploy, configure, and operationalize Cloud Native Application Protection Platform (CNAPP)tools like Wiz or Upwind Security to continuously monitor cloud misconfigurations, vulnerabilities, and security posture across cloud environments.
• Analyze CNAPP findings and partner with engineering teams to drive timely remediation and policy enforcement.
• Maintain visibility across workloads, containers, and infrastructure as code (IaC) to detect and reduce risk early in the development lifecycle.

Compliance & Governance

• Work with the compliance team to map regulatory and audit requirements (e.g., SOC 2, HIPAA, ISO 27001) into actionable cloud security controls.
• Contribute to the development and maintenance of cloud-specific control documentation, audit evidence, and compliance mappings.
• Support external audits and internal control testing by providing technical evidence and explanations of security measures in AWS.

SOC Collaboration & Incident Response

• Collaborate with SOC analysts to improve detection capabilities and refine use cases based on cloud telemetry and CNAPP insights.
• Actively participate in incident response efforts, including investigation, containment, root cause analysis, and remediation of cloud-related security events.
• Help develop and maintain cloud-focused runbooks and playbooks for incident handling and escalation.
• Enhance visibility by integrating CNAPP findings with SIEM/SOAR platforms and tuning alerts to reduce noise and increase actionable intelligence.

Architecture & DevSecOps Enablement

• Reduce misconfigurations in the cloud by embedding security into Continuous Integration/Continuous Delivery (CI/CD)pipelines and provide guidance on secure infrastructure-as-code (Terraform, CloudFormation).
• Participate in security architecture reviews and threat modeling for cloud-native services and applications.
• Promote security best practices across cloud infrastructure, containers, and microservices.

Required Qualifications

• 3–5 years of experience in a cloud security, DevSecOps, in either an analyst or engineering role with a strong emphasis on AWS.
• Hands-on experience with CNAPP platforms such as Wiz, Upwind Security, Orca, or Prisma Cloud.
• Proficiency with AWS security tools (IAM, Config, GuardDuty, CloudTrail, Security Hub).
• Experience working with or alongside SOC analysts and contributing to incident response workflows.
• Familiarity with compliance frameworks and cloud-specific controls for SOC 2, HIPAA, NIST, or ISO 27001.
• Strong knowledge of infrastructure as code and cloud-native architectures.

Preferred Qualifications

• AWS Security Specialty or Azure Security Engineer Associate certification desired.
• Experience working in regulated industries (e.g., healthcare, fintech).
• Understanding of MITRE ATT&CK, CVSS, and cloud threat detection patterns.
• Familiarity with EKS/Kubernetes and container runtime security.
• Prior experience with SIEM/SOAR tools and security alert tuning.

Rhapsody provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.