Senior DevSecOps Engineer

Is it possible for you to openly access your company’s financial data, or HR records? No, of course not. Did you know, however, that in hospitals across the country, any doctor, any nurse, or any person from any department with computer access can easily review your healthcare information? I know what you're thinking, and you're correct. Yes, that is a privacy violation; and there were 40 million of these breaches in 2020 alone. Crazy, right? This is the problem smart engineers can solve.  

The Protenus Healthcare Compliance Analytics platform is powered by artificial intelligence (AI) that ingests robust, unique data feeds to provide visibility into potential patterns of suspicious behavior that may otherwise go unnoticed. Our AI and advanced analytics empowers subject matter experts to mitigate and ultimately reduce organizational risk  — whether it's an employee improperly accessing patient records, or a clinician diverting medications — in an efficient, accurate and scalable manner.

As a member of the Cybersecurity Team, the Senior DevSecOps Engineer at Protenus is responsible for the technical security and privacy of the Protenus operations and infrastructure. The scope involves both the Protenus Platform (our customer-facing product), as well as internal Protenus tools and data. This individual will also lead the team in the design, implementation, maintenance, and improvement of the security technology utilized by Protenus. They are a technical point of contact for the team and will identify new areas to implement automation and assist in designing, building, and deploying automation tooling. Additionally, they will help maintain the security posture of Protenus through vulnerability scanning and management, software security assessments, incident response planning and testing, and working with third-party partners on external scans and penetration testing.

 Senior DevSecOps Engineer reports directly to the CISO, and will assist with process and procedure improvements, third-party audits, comprehensive risk assessments, provide support to our sales and customer success teams by answering security questionnaires, and participating in meetings with customer security teams.

 Finally, you'll be internally recognized as technical experts and leaders, having through the course of their career developed significant depth of knowledge in the information security domain. They have the heart of a teacher and are eager to share their knowledge and expertise. This person will mentor Security Engineers, inform, and enlighten management, and they are a champion for the ongoing improvement of our security posture. They eagerly collaborate with Engineering and IT on security safeguards, system design, and implementation best practices. You will be our resident expert, in depth and breadth, in all things security related.

 Responsibilities:

• Confidently and skillfully respond to security incidents and proactively work to prevent similar incidents in coordination with multiple teams.
• Lead large security projects both of a technical and compliance nature. 
• Understand the best practices in secure engineering and provide technical security guidance across the organization, to include areas such as: cloud architecture, cloud infrastructure, networking, and software development.
• Appraise the impact of current security trends and vulnerability advisories and develop proper mitigation and/or remediation efforts.
• Mentor other security professionals in best practices involving automation, maintenance, operation of security tools, infrastructure configuration, system auditing, and remediation efforts.
• Perform maintenance, upgrades and enhancements of security tools, developing automation when possible.
• Assist in all team-level tasks, ensuring delivery of top-priority goals.

Qualifications

Substantial work history in relevant security roles. Ideal candidates will have an academic background and years of experience as follows:

o   Bachelor’s Degree with 7+ years experience

o   Master’s Degree or PhD with 4+ years experience

• Expertise with multiple technologies such as:
• Cloud-based IaaS Systems (e.g., AWS, Azure)
•  Vulnerability Scanning Tools (e.g., Nessus, OpenVAS)
• SIEM and logging technology (e.g., Splunk, Elastic, LogRhythm)
• Enterprise VPN (e.g., Cisco AnyConnect, Fortinet VPN, Palo Alto Global Protect)
• Host-based security tools (e.g., Sophos, ClamAV, Wazuh/OSSEC, Tripwire)
• API automation and scripting experience (e.g., Python, Java, Go)
• Has experience with modern Cloud-based Software Development practices, such as Infrastructure-as-Code, Immutable Infrastructure, GitOps, and CI/CD Pipelines.

Location: Anywhere within the United States. We are a virtual first organization.

Sponsorship: We are unable to offer visa/green card sponsorship at this time.

About Protenus

Our HQ is located in the Fells Point area of Baltimore, MD. We love our office and hope you will too, but we won't require you to work from there. We made the decision to be a "virtual first" organization in early 2021. Even after COVID is a thing of the past, we will remain virtual first. If you live in the area and would like to come in, great! If you are in town to meet with your team, even better! We welcome you (and dogs) anytime. We operate with "big person rules" and let you make the decision about what works best for you, your life and your family. Results > Location