May 19, 2021

DevSecOps Engineer

  • Sema4
  • New York, NY

Job Description

Sema4 is a health information company founded on the idea that more information, deeper analysis, and increased engagement will improve the diagnosis, treatment, and prevention of disease. A Mount Sinai Health System venture based in Stamford, Conn. Sema4 is enabling physicians and consumers to more seamlessly engage the digital universe of data, from genetic test results and clinical records to wearable sensor metrics and more. The company currently offers advanced genome-based diagnostics for reproductive health, oncology, and pharmacogenomics, and is building predictive models of disease biology. Sema4 believes that patients should be treated as partners, and that data should be shared for the benefit of all. The Sema4 Product Engineering team is seeking a mid-level DevSecOps Engineer to assist in protecting and securing our software application portfolio. This position will also play a significant role in advancing and maintaining Sema4’s security and compliance posture. You’ll work with a team of DevOps engineers to incorporate security and compliance requirements into existing and new infrastructure-as-code, automation, and CI/CD pipelines. RESPONSIBILITIES Secure cloud-based servers (mainly Linux) based on prescriptive frameworks and compliance requirements Incorporate security, compliance, and governance requirements into code and infrastructure pipelines Apply DevOps automation principles and capabilities to manual and repetitive tasks Review and plan infrastructure changes and new builds to comply with security requirements Participate in incident response, triage, and investigation/remediation of infrastructure issues Update and maintain documentation, audit trails, and artifacts relevant to security and compliance posture of the company Assist in updating and maintaining documentation, audit trails, and artifacts relevant to the security and compliance posture of our application portfolio QUALIFICATIONS Bachelor’s Degree in Software Engineering, Computer Science, or related field (equivalent experience also considered). AWS and GCP cloud platforms, certifications on either are a plus Linux system administration and security/hardening practices Familiarity with security tooling such as GuardDuty, SecurityHub, IAM DevOps tooling such as CircleCI, Sentry, Datadog, Containerization technologies such as Kubernetes, EKS, Snyk 3+ years proven ability to work creatively and analytically in a problem-solving environment Familiarity with a minimum of 1 scripting language (Ruby/Python/perl/Bash) Familiarity with IaC tools such as CloudFormation or Terraform Familiarity with security and reporting frameworks, e.g. HITRUST, SOC2, NIST, a plus Familiarity with healthcare and healthcare security—HIPPA, HITECH—a plus CISSP/CCSP or equivalent security certification is a plus Excellent leadership, communication (written and oral) and interpersonal skills

Apply Now