DevSecOps Engineer

Job Details

Job Location

Albany or NYC Office - Albany or New York, NY

Position Type

Full Time

Travel Percentage

Occasional

Job Shift

M - F 9am - 5pm

Description

New York eHealth Collaborative – DevSecOps Engineer

New York eHealth Collaborative (NYeC) is a not-for-profit organization working in partnership with the New York State Department of Health to improve healthcare by collaboratively leading, connecting, and integrating health information exchange across the State.

Founded in 2006 by healthcare leaders, NYeC works to help New York State achieve the Triple Aim of improving the patient experience of care, delivering better health outcomes, and reducing costs. On behalf of the State, NYeC leads the Statewide Health Information Network for New York (SHIN-NY), a network connecting healthcare providers statewide, develops policies and standards that support the utilization of health technologies, and assists healthcare providers in adopting and effectively using electronic health records.

Position Summary:

NYeC is seeking a DevSecOps Engineer to use their technical skills for the design and implementation of various CICD patterns while abiding by industry standards and policies. You will often take part in design and code reviews and offer direction to ensure project scoping activities match architectural goals and specifications. When new applications are introduced or current ones undergo changes, you will frequently work with partners in other business divisions to provide build solutions. Other responsibilities include documenting DevSecOps processes and ensuring that the DevSecOps platforms are up to date and properly maintained.

This position reports to the DevOps Manager and can be operated out of the Albany, NY or Manhattan, NY office.

Primary Responsibilities:

• Focuses on hands on engineering and architecting cybersecurity solutions using industry's best practices to protect the organization from various threat actors.

• Partner closely with the Engineering and DevOps teams to design and automate security controls as part of their CI/CD pipelines.

• Scan and track the remediation of vulnerabilities in code, containers, and infrastructure as code.

• Implement automation to perform security compliance testing into the development lifecycle.

• Develop and Report Key Risk Indicators (KRIs) within the SSDLC processes.

• Create and present updates to management on periodic basis regarding accomplishments, challenges and risks associated with respective projects.

• Proactively monitors network traffic and utilization to discover and prevent systematic and or performance issues to optimize the DevOps landscape.

• Writes Infrastructure as Code (IaC) using Industry standard tools and services.

• Setup & maintain CI/CD pipelines with application team.

• Work on finding alternative solutions as needed in our cloud environment.

• Build & maintain the test environments in AWS

• Build automated deployment systems in AWS to increase the pace and consistency of releases.

• Automate & maintain the release cycles for the team and track changes to QA, staging and prod environment

• Participates in L2-L3 support for any reported business critical issues after hours.

• Works closely with other infrastructure team members to provide adequate back up and work on tasks as needed.

• Other ad hoc duties as assigned.

  Experience and Skills Required:

• Bachelor’s Degree in Computer Engineering, Computer Science, or related field.

• 4+ years of hands-on security engineer and operations experience securing cloud environments and developing automation workflows.

• Practical experience in implementing security checks within a Secure SDLC Pipeline

• Hands on experience with CI/CD tools such as Jenkins, Git, Bitbucket , Bitbucket Pipelines , Cloud formation etc.

• Scripting experience with one or more scripting languages: PowerShell, Python, perl, YAML.

• Hands on experience with infrastructure as code tools such as Terraform, or CloudFormation.

• Experience with container image scanning and vulnerability management.

• Experience with Linux systems and command-line interfaces.

• Familiarity with networking architecture (e.g Load Balancing, TCP/IP, Routing, DirectConnect, ExpressRoute).

• Experience with monitoring stacks like Cloudwatch, Datadog, etc

• Ability to work within a security framework such as NIST, HITRUST, ISO desired.

• Capable of interacting internally with team, and externally with vendors, in a professional and collaborative way.

• Ability to work in a fast-paced environment, adaptable to change and adhering to policy and procedure; change control, ticketing system, team communication.

• Experience in deploying and maintaining monitoring tools and services

• Certification in AWS cloud, DevOps, or related technology (AWS Developer Associate, AWS DevOps Professional, AWS Security Specialty, AWS Solutions Architect Associate) a huge plus.

• CISM, CISSP or other Security Certifications are a huge plus.

• Experience working with cloud-native big data platforms such as AWS, Azure data lake as a service.

• Experience working with cloud-native programming, analytics, and modeling tools such as Snowflake.

• Healthcare system integration, including HL7, FHIR, and EDI interface.

  We consider a wide range of factors when determining compensation, which may cause compensation to vary depending on your skills, experience, qualifications, and home office location (Manhattan, NY vs. Albany, NY). The annual base salary range for this role for an Albany, NY based candidate is $80,000 to $100,000. The annual base salary range for this role for a Manhattan, NY based candidate is $95,000 to $120,000 The salary offer will not be based on a candidate’s salary history at other jobs, and by law, NYeC will not seek information about salary history, and candidates should not share such information with NYeC. All compensation questions and comments should be directed to the HR Department representative during your application, interview, and hiring process.

  NYeC is an Equal Opportunity Employer. We are dedicated to building a diverse, inclusive, and authentic workplace, so if you are excited about this role but your past experience doesn't align perfectly with everything listed in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

  For more information about NYeC and to apply for this position, visit our website at https://www.nyehealth.org/careers/. We accept online applications only.