DevSecOps Engineer

DevSecOps Engineer

Hartford, CT

Client is seeking a DevSecOps Engineer to lead the secure development, deployment, and operations of cloud-native applications and AI-driven platforms. This role is critical to embedding security into every phase of the software development lifecycle, ensuring resilient, scalable, and compliant systems across digital health solutions.

You will collaborate with development, infrastructure, and security teams to automate security controls, integrate CI / CD pipelines, and enforce best practices in cloud security, containerization, and vulnerability management. Your work will directly support the delivery of secure, high-performing applications that serve millions of members and providers. Key Responsibilities

• Secure CI / CD Pipeline Development

Design and implement secure CI / CD workflows using tools like GitHub Actions, Jenkins, or GitLab CI, integrating automated security scans, code quality checks, and compliance gates.

Embed security controls into cloud-native applications deployed on Google Cloud Platform (GCP), including IAM policies, VPC Service Controls, workload identity, and secure service-to-service communication.

Integrate and secure AI-driven platforms using Google Vertex AI and IBM watsonx Orchestrate, ensuring model governance, data privacy, and compliance with healthcare regulations.

Develop and maintain IaC templates using Terraform or Google Cloud Deployment Manager, ensuring secure configurations and automated provisioning of cloud resources.

Implement container hardening, image scanning, and runtime protection using tools like GKE (Google Kubernetes Engine), Docker, and Kubernetes-native security solutions (e.g., GKE Autopilot, PodSecurityPolicies, Kyverno).

Integrate SAST, DAST, and dependency scanning tools (e.g., SonarQube, Snyk, OWASP ZAP) into development workflows, triaging and remediating findings in collaboration with engineering teams.

Collaborate with SOC and security teams to define logging standards, integrate with SIEM platforms (e.g., Google Chronicle, IBM QRadar), and support incident detection and response workflows.

Define and enforce security policies through automated guardrails, policy-as-code, and continuous compliance monitoring.

Partner with product, architecture, and platform teams to ensure security is embedded in design decisions, threat modeling, and risk assessments.

Stay current with emerging DevSecOps tools, cloud security trends, and regulatory requirements (e.g., HIPAA, HITRUST), driving innovation and maturity in secure software delivery.

Required Qualifications

Preferred Qualifications

Education

Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field, or equivalent experience required.