As a DevSecOps Security Consultant, you will play a pivotal role in integrating best security practices into our software development lifecycle. Your expertise will be crucial in shaping our DevSecOps pipeline, ensuring that our products are not only innovative but also adhere strictly to HIPAA compliance and security standards. In this role, you will serve as a consultant to the development team by reviewing systems already in place and providing guidance on how to approach building our application into the future.
Key Responsibilities:
- Assess and enhance our current DevSecOps practices to ensure robust security in our cloud-based development environment.
- Design an access control architecture for iTrust applications.
- Guide the development of a scalable and secure AWS architecture.
- Demonstrate proficiency in setting up and managing cross-account AWS environments, ensuring secure and efficient operations across different organizational units.
- Gain experience with defining and implementing access control policies at the application, AWS infrastructure, and business levels, ensuring adherence to key industry standards such as SOC 2, ISO 27001, HIPAA, GDPR, and NIST frameworks.
- Provide expert advice on AWS cloud security best practices and tools.
- Develop and implement strategies for continuous integration and deployment (CI/CD) that prioritize security and HIPAA compliance.
- Conduct regular security audits and risk assessments within the DevSecOps pipeline.
- Serve as the go-to expert for all queries related to cloud security, particularly in the AWS ecosystem.
- Train and guide the development team in adopting secure coding practices and understanding HIPAA compliance requirements.
- Stay abreast of the latest security trends and regulations in the healthcare industry.
- Establish a streamlined pipeline for de-identifying data to protect privacy while retaining its utility, in compliance with HIPAA standards.
- Create a system to limit access to sensitive data to only what's needed for each task, boosting security and privacy.
- Implement a system requiring developers to elevate permissions for sensitive tasks, enhancing oversight and compliance.
Requirements:
- Strong understanding of AWS services and security capabilities.
- Proven experience as a DevSecOps Consultant or similar role, with a focus on security in cloud environments.
- Extensive knowledge of the ISO 27001 standard and its application in cloud and software development.
- Experience with CI/CD tools, automation, and scripting.
- Experience with Infrastructure as Code (IaC), specifically using AWS Cloud Development Kit (CDK) in Python.
- Excellent communication skills, with the ability to translate complex security concepts to a non-technical audience.
- Relevant certifications (e.g., AWS Certified Security Specialty, CISSP, CISM) are highly desirable.
Benefits:
- Fully remote work.
- Flexible working hours tailored for work-life balance.
- Educational and health check-up allowances.
- Comprehensive health insurance, labor insurance, and pension plans.