Senior Cloud DevSecOps Engineer (Work at home - US) at Humana Studio_h
In support of Humana’s vision to create simple, personalized and reliable experience for our healthcare customers we are embarked on the Technology Modernization journey. One of the key strategic initiatives of the Technology Modernization is transformation of the workloads to the Cloud.
We are looking for a Cloud DevSecOps engineer who will be responsible for driving the automation of building, testing and deployment of security, data and operations frameworks, templates, and policies as a code.
Cloud DevSecOps engineer will:
- Design, build and test scripts in native and tool-dependent languages for continuous integration, continuous delivery (CI/CD) pipeline to limit manual testing and troubleshooting.
- Lead the development of an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions.
- Using Security-as-Code principles, build templates to automate security vulnerabilities and suggest and implement proper alternatives.
- Maintain interfaces with outside systems, analyze downtimes, analyze proposed system modifications, upgrades and identification of new commercial off the shelf software.
- Identify issues with current software then develop system requirements and program specifications to upgrade or improve existing software.
- Coordinate closely with programmers to ensure proper implementation of program and system specifications and requirements.
- Architect and design API Security, Container Security, or Azure Cloud Security.
- Apply security to cloud technologies (Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security etc.).
- Build and maintain monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs.
- Implement security features and monitoring tools, performing periodic security and code quality assessments
- Bachelor's degree or equivalent experience
- 7+ years of experience in software engineering and software development, including Web applications and technologies
- 4+ years of hands-on experience in implementing/maintaining CI/CD, security and data pipelines
- 3+ Public Cloud hands-on experience (Azure preferred) with a good understanding of scripting/programming languages such as Ruby, Perl, Java, Python etc.
- Experience with Public Cloud infrastructures (Azure Cloud preferred), Container-based technologies, Git-based source control repositories, pipelines, including GitLab CI, and common DevSecOps open source toolsets
- Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes
- Up-to-date knowledge of cybersecurity threats, current best practices and latest software.
- Good oral and written communications skills
- Ability to interpret evolving requirements, work with the team to develop product backlogs, and provide technical feedback to the team
- Any Cloud Developer or Cloud Engineer certificate (Azure preferred)
- Knowledge of threat modelling and risk assessment techniques
- Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc.)
- Familiarity with Information Security frameworks/standards (i.e. CIS, NIST etc.)
- Experience with managing private and public Cloud deployments of applications
- Experience with tools, including GitLab, Jenkins, Terraform, Puppet, Artifactory, Ansible, and Vagrant
- Experience with managing Cloud infrastructures, including Azure
- Experience with Docker or Kubernetes
- Experience with integrating an Identity and Access Management (IdAM) solution into infrastructure and Web applications
- Experience with code quality tools such as SonarQube
- Azure Cloud Solution Developer and other development language related Certifications