DevSecOps & Security Compliance Engineerapiphani • Boston, MA, US
DevSecOps & Security Compliance Engineer
apiphani • Boston, MA, US
1 day ago
Job type
- Full-time
Job descriptionBachelor of Science in Computer Science, Engineering, Applied Sciences, or equivalent work experience 5+ years of hands-on experience in security engineering, DevOps, cloud infrastructure, or application security Strong experience with CI / CD pipelines, container technologies (Docker, Kubernetes), and infrastructure as code (Terraform, CloudFormation) Professional working knowledge of information security standards and guidelines such as ISO 27001, NIST 800-53, NIST 800-171, NIST CSF, CIS, PCI DSS, and SOC 2 At least one of the following certifications, or the ability to obtain within six months of being hired : CISSP, CRISC, SANS GIAC, or relevant cloud security certifications (AWS Security, Azure Security Engineer) Strong cloud platform experience with AWS or Azure, including native security services Experience implementing security tools and practices in cloud-native environments Experience with infrastructure engineering, networking, and systems administration Experience with one or more ticketing systems (ServiceNow preferred) Experience with security and compliance automation tools a plus Experience at an MSP or SI a plus Service management and governance experience with ITIL a plus Either has or is willing to obtain clearance Great communicator who can write and present effectively to both technical and non-technical audiences Strong analytical and critical thinking skills, thrives in a team environment Self-organized, deadline and detail-oriented with strong organizational skills Strong leadership capabilities and ownership bias Able to effectively prioritize competing priorities and manage multiple workstreams Medical / dental / vision - 100% paid for employees, 50% paid for dependents Life and disability - 100% paid for employees 401K - 3% contribution, no employee contribution necessary Education and tuition reimbursement - up to $50K annually Employee Stock Options Plan Accident, critical illness, hospital indemnity benefits offered through our providers Employee Assistance Program Legal assistance Paid Time Off - up to 6 weeks per year Sick Leave - up to 2 weeks per year Parental Leave - up to 12 weeks
Job Description
Job Description
Apiphani is a technology-enabled managed services company dedicated to redefining what it means to support mission-critical enterprise workloads. We're a small but rapidly growing company, which means there's lots of room for growth and learning opportunities abound!
Apiphani is dedicated to creating a diverse and inclusive work environment for all as a fundamental component of our business. Diversity and inclusion are the bedrock of creativity and innovation. Without diversity of experience and thought, we would fail to progress as a company and as a team. Apiphani strives to foster an environment of belonging, where every employee feels respected, valued, and empowered. We embrace the unique experiences, perspective, and cultural background, which only you can bring to the table.
Job Description
The DevSecOps & Security Compliance Engineer will be responsible for developing, implementing, and maintaining apiphani's DevSecOps practices and security compliance programs to protect information assets throughout the software development lifecycle. This role will ensure that security and compliance requirements are embedded into apiphani's infrastructure, applications, and operational processes. The DevSecOps & Security Compliance Engineer reports to the Head of Cybersecurity.
Job Duties
- Design and implement DevSecOps frameworks and practices across apiphani's development and deployment pipelines
- Develop, deploy, and manage security compliance programs aligned with industry standards and regulatory requirements
- Develop and maintain security policies, standards, procedures, and compliance documentation
- Work with technical and business leaders at apiphani to ensure compliance with industry standards and best practices, including SOC 2, ISO 27001, CMMC and other applicable frameworks
- Implement and manage security solutions integrated into the CI / CD pipeline, including container security, code scanning, secrets management, infrastructure as code scanning, and related technologies
- Oversee security assessments, penetration testing, and vulnerability assessments to identify potential threats and security exposures throughout the development lifecycle
- Maintain security incident response plans, monitor security incidents, and conduct incident response related to application and infrastructure security
- Maintain security awareness and training programs to educate developers and operations teams on secure coding practices and security policies
- Mentor security analysts and provide day-to-day tasking and guidance
- Stay up to date with the latest developments in DevSecOps, security compliance, and cloud-native security practices
- Advise on the integration of security controls into infrastructure and application deployment processes
- Identify gaps in current security practices and solutions, and develop roadmaps to address compliance and DevSecOps maturity
- Advise on the direction and priorities of apiphani's IT projects and initiatives as they relate to security and compliance
- Participate in infrastructure and security team meetings to ensure security is embedded in technical decisions
- Advise on vendor-specific partnerships and DevSecOps solutions available for apiphani
- Support security risk assessments and help stakeholders understand business and compliance risks
- Meet with internal and external stakeholders to develop relationships and foster collaboration on security and compliance initiatives
Required Skills
Base Salary
$130,000—$160,000 USD
Company Benefits
Create a job alert for this search
Compliance Engineer • Boston, MA, US
Related jobs
A company is looking for a Compliance and Security Engineer.Key Responsibilities Conduct vulnerability scans and analyze results to drive remediation planning Operate enterprise SIEM solutions a...Show more
STR's Analytics Division develops novel solutions to the most challenging national security problems through advanced analytics and software.
Our teams consist of motivated individuals with degr...Show more A company is looking for a Sr Security Engineer responsible for maintaining and improving the overall security posture and incident response for infrastructure and application hosting environments....Show more A company is looking for an AWS IAM DevSecOps Engineer IV.Key Responsibilities Design, build, and deliver AWS IAM as a service for internal cloud consumers Develop and maintain Terraform code to...Show more A company is looking for a SecOps Engineer.Key Responsibilities Support operational tasks including alert review, incident response, and security playbook maintenance Manage vulnerability scans ...Show more 
BS Degree - Experience may be considered in place of education requirement.Architects and manages the M&S DevSecOps Platform for cloud and on-prem environments.
ensures secure, reliable softwar...Show more A company is looking for an Enterprise Security Engineer, IAM (US Remote).Key Responsibilities Administer, configure, and maintain IAM solutions, including SSO, MFA, IGA, and PAM platforms Colle...Show more A company is looking for a Senior SecOps Engineer to enhance operational security and automate security processes.Key Responsibilities Design and maintain automation workflows to streamline SecOp...Show more A company is looking for a DevSecOps Senior Lead Security Architect.Key Responsibilities Lead security risk assessments and provide recommendations for risk mitigation across enterprise and produ...Show more STR's Intelligence division researches, develops, and deploys advanced analytics and machine learning-based solutions to solve challenging problems in support of national security and the intel...Show more A company is looking for a Senior DevSecOps Engineer to lead strategic infrastructure and compliance initiatives in the healthcare industry.
Key Responsibilities Take ownership of high-impact IT a...Show more A company is looking for an AWS Cybersecurity Architect for a short-term contract.Key Responsibilities : Design and manage AWS organizational governance, including Service Control Policies and mul...Show more A company is looking for a Cloud DevSecOps Engineer IV to join their delivery team on a seven-month contract.Key Responsibilities Create and maintain continuous integration and continuous deliver...Show more A company is looking for a Senior Cloud Security Engineer to join their fully remote team.Key Responsibilities Drive effective security detection and response across the production platform Desi...Show more 
At Credence, we support our clients’ mission-critical needs, powered by technology.We provide cutting-edge solutions, including AI / ML, enterprise modernization, and advanced intelligence capa...Show more A company is looking for a Lead DevOps Engineer (Contract) to architect and manage cloud infrastructure for a blockchain-powered payment network.
Key Responsibilities Design and implement infrastr...Show more A company is looking for a Security Engineer to provide operational guidance for its Security Operations and support critical business objectives.
Key Responsibilities Implement and maintain infor...Show more A company is looking for a Principal Information Security Engineer.Key Responsibilities Define and execute the security strategy for infrastructure and cloud platforms Lead architecture and impl...Show more
Compliance and Security Engineer
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 4 days ago • Promoted
Lead DevSecOps Engineer
STR • Woburn, MA, US
Full-time
Last updated: 30+ days ago • Promoted
Senior Security Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
AWS IAM DevSecOps Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 5 days ago • Promoted
Security Operations Engineer
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
DevOps Engineer - Lead M&S Platform Baseline KRBMA 1629
Global InfoTek Inc • North Lexington, MA, US
Full-time
Last updated: 30+ days ago • Promoted
Enterprise Security Engineer
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
Senior Security Operations Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
DevSecOps Security Architect
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 2 days ago • Promoted
Senior DevSecOps Engineer
STR • Woburn, MA, US
Full-time
Last updated: 30+ days ago • Promoted
Senior DevSecOps Engineer
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
AWS Security Engineer
VirtualVocations • Lowell, Massachusetts, United States
Temporary
Last updated: 7 days ago • Promoted
Cloud DevSecOps Engineer
VirtualVocations • Lowell, Massachusetts, United States
Temporary
Last updated: 30+ days ago • Promoted
Senior Cloud Security Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
DevSecOps Engineer
Credence • North Lexington, MA, US
Full-time
Last updated: 9 days ago • Promoted
Lead DevOps Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
Security Engineer
VirtualVocations • Lowell, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted
Principal Security Engineer
VirtualVocations • Dorchester, Massachusetts, United States
Full-time
Last updated: 30+ days ago • Promoted