DevSecOps Solutions Lead/Engineer (Boston or Louisville, KY) - for Digital Health & Analytics at Humana Studio_h
The DevSecOps Solution Lead/Engineer within Digital Health & Analytics will deploy modern security tools and techniques to protect the sensitive information processed by and inherent to the development pipelines throughout our AI designated platforms. Embedded within the development teams, this position will be responsible for ensuring the protection and appropriate use of sensitive information within analytic development activities as well as testing for and remediating vulnerabilities as applications are developed.
The DevSecOps Solution Lead/Engineer will support the development of cloud-native solutions, leveraging cloud platform services, and will be familiar with the tools, languages, and frameworks that support that ecosystem.
Digital Health & Analytics leverages Humana's most valuable data assets within an AI environment to create insights that fuel critical decisions. To ensure the appropriate use of those data assets at speed and scale, the development teams must be highly integrated with fluid contributions from development, security, and operations associates. The DevSecOps Solution Lead/Engineer will participate in every phase of the application development lifecycle to provide the necessary balance of data protection that minimizes or eliminates disruption by introducing security concepts at functional inception, requiring validation at appropriate points of implementation, and providing timely guidance at the encounter of vulnerabilities in application code. Communication and feedback participation are foundational to getting the right value out of the development iterations.
- Responsible for engineering security tools and features into continuous iteration and delivery pipelines
- Implementation of testing and monitoring within application development
- Embedded communication with the development teams to intimately understand the projects and to perform security functions in a timely and seamless manner
- Deliver all applications with Cloud first mindset, following Agile methodology
- Implement Developer Efficiency Index measures such as unit test coverage and automated packaging and deployment standards
- Adhere to all IT Risk and compliance standards, ensuring all software applications are built with the highest standards and free of known vulnerabilities
- Evaluate new DevSecOps platforms, components, tools, and processes
- Mentor junior software engineers on the latest security technology stack implemented within the DH&A platform
- Perform code audits to ensure adherence to development and security best practices
- BA/BS in Computer Science or equivalent experience
- 5-10 years of experience in the Information Technology field as a “full-stack” developer, thoroughly familiar with DevSecOps practices and technical architecture
- 5+ years of Software Development experience with the following languages: Python, R, NodeJS
- At least 3 years of experience working in a cloud platform or the use of cloud native technologies, cloud cybersecurity, and implementation patterns to lower costs, improve speed to market, increase efficiency, and enable innovation (Microsoft Azure, Google Cloud Platform, Amazon AWS)
- Experience running, securing, and maintaining containers and using tools such as Docker, Kubernetes, Twistlock, Artifactory in Production
- Experience working within an environment with a “startup” culture using agile, lean, DevSecOps, and Secure DataOps delivery practices and methodologies
- Experience with TDD/BDD and writing solid test cases
- Experience working in JFrog Artifactory and Azure DevOps
- Experience leveraging modern technologies to increase velocity and decrease the cost of solution delivery; including cloud technologies, micro-service architectures, and streaming analytics
- Understanding of security principles such as Authentication, Authorization, Encryption, Auditing, etc.
- Azure specific technologies such as PowerShell, CLI, ARM templates, RBAC, Policy, Blueprints, Security Center, AAD Identity Protection, etc.
- Knowledge of risk detection and remediation techniques and technologies
- Knowledge of component framework and modern application container and virtualization technologies
- Understanding of securing data in transit and at rest
- Detailed knowledge of software development practices to avoid code-based vulnerabilities such as SQL injection, cross-site scripting, etc.
- Designed and implemented CI/CD pipelines, especially those involving cloud environments
- Environment configuration languages such as Terraform and Ansible
- Additional related technologies such as Jira ALM, Jenkins, SonarQube, Artifactory, GitHub, Fisheye, Crucible, etc.
- Strong collaboration skills and the ability to work as a member of a team
- Analytical mind with problem-solving aptitude
- Strong communication skills with the ability to interact with business and customer representatives
- Passion for growing your skills, tackling interesting work and challenging problems
- Provide mentorship, coaching, and feedback to enhance and improve the skills of others
- Authoritative knowledge of application vulnerabilities and the appropriate mitigations or protection patterns to apply in their presence
- Shipping pragmatic, sustainable code bases with speed
- MS in Computer Science or related field
- Cloud certification on Microsoft Azure platform (AZ-500, AZ-400, AZ-300)
- Experienced in designing, building, and testing complex scalable systems
- Participated in build, maintenance, and security of a large-scale micro-service infrastructure application or system
- Experience supporting live production infrastructure; can put out fires under pressure when things go wrong