DevSecOps Engineer - DevOps Engineer

HTG seeks to hire an expert level DevSecOps engineer to perform the below described duties onsite.

HHS Technology Group (HTG) creates software specific to the healthcare insurance domain.  We implement transformational complex solutions that leverage data science to modernize technology and improve profitability for our enterprise level clients. HTG's flagship products are Discover your Provider (DyP) and Discover your Data (DyD). 

HHS Technology Group (HTG) specializes in the healthcare insurance domain creating transformational complex software that leverage data science to modernize technology and improve profitability for our enterprise level clients.   HTG's flagship products are Discover your Provider (DyP) and Discover your Data (DyD).  

Employee benefits at HHS Tech Group are very comprehensive and competitive.  We match 100% of your 401K contributions (up to 6% of salary) with no vesting period, unlimited PTO policy, fully paid premiums on dental, vision, life insurance, and dental insurance.  Employee contributions to medical plan are very affordable as HTG sponsors a great deal of the premium.

HTG values and appreciates our talented technical teams, each team member is a critical asset and directly impacts our success and growth.  We recognize and know YOUR WORTH!  HTG fosters a culture that supports and encourages career advancement and promotion.
 

The DevSecOps Engineer will utilize IaC and Configuration as code to ensure the security of the CI/CD pipeline with proper access and configuration to protect assets in the cloud.    This talented individual will implement, manage, and maintain the continuous security tools used in the CI/CD pipeline.  Expected to validate and adjust automation to manage false positives related to infrastructure/OS/container vulnerabilities and other related artifacts.  

​​​​​​​Responsible for writing and deploying policy as code to ensure the security of the cloud infrastructure with proper access and configuration and will develop an optimal technical architecture that maximizes the use of established free and open source software, where appropriate. Conducts security threat assessments, control matrixes and other security artifacts needed to assess and report the state of security in the infrastructure.  Manages and configures continuous security monitoring of infrastructure appliances such as WAF's, IDP/S, and more.                                                                                                                 Mandatory Qualifications                                                                                                              

• Shall have a minimum of Eight (8) years Full-Time Equivalent (FTE) experience working on information technology (IT) projects with size and scope comparable to the business needs of the this enterprise level client’s modernization effort.

• Shall have a minimum of 2 years of experience as technical lead securing Kubernetes clusters and the applications they run on including least privilege and zero trust networks with tools such as Istio

• Shall have a minimum of 3 years of experience as technical lead securing containers using NIST/CIS standards.                                                                                                                    

• Shall have a minimum of 5 years of experience as technical lead responsible for securing access, encryption, service account and more.  3 years of that experience should be in securing automation tools.   

• Shall have 3 years of experience as tech lead implementing and managing security tools for quick feedback on image, package and other security concerns as part of the CI/CD pipeline.                           

• Shall have minimum 5 years of experience in implementing/monitoring network and security appliances in a continuous manner.                                                                                         
• Shall have a minimum of 5 years of experience coding.  Including at least 3 years with a scripting language, 2 years with terraform and at least 1 year with an OOP language                                            

• Shall have 5 years of experience as tech lead with responsibility in designing the web security frameworks and approach to encryption, network management, DDOS and other common web security issues.

• Shall have a minimum of 5 years of experience as technical lead building and managing authentication solutions utilizing least privilege and other common security practices.                                 

• Shall have 5 Years of experience setting up and maintaining security automation and controls in HIPAA/Hitrust and fedramp environment.                                                                              
• Shall have a minimum of 5 years of experience developing, packaging and using docker containers in development and production environments.                                                                         

• Shall have 2 years of experience building infrastructure in cloud environments.                    

​​​​​​​Desirable Qualifications                                                                                                              

• Three (3) years’ FTE experience working with Agile/SCRUM system development methodologies.

• 2 years of experience securing containers utilizing Twistlock/Sysdig/AquaSec.
• 2 years of experience with building AWS infrastructure and networking using terraform enterprise, EKS, vpc, security groups, secrets manager, RDS and sentinel.                                                            
• 2 years of experience with following CI/CD tools Spinnaker, CircleCI.                                     
• 2 years of experience developing applications with RESTful API's, auth 2.0, GRPC, http 1.1 and other web communication and authentication strategy's.                                                                      
• 2 years of experience with policy as code such as sentinel, or AWS config.                            
• 2 years of experience as technical lead building and operating continuous monitoring solutions.   

HHS Technology Group creates software products in the healthcare insurance domain. Our software, Discover your Provider (DyP) and Discover your Data (DyD) ensure seamless modernization of monolithic, antiquated systems and leverages data science to give our customers intelligent insight of data trends pertaining to paid insurance claims. HHS Technology Group has become a valued and trusted systems integration partner for several departments within a number of State Governments. HHS Technology Group’s flagship product, Discover your Provider (DyP) is a provider relations/provider enrollment solution. Components of this modular software can be re-purposed or built upon to deliver cloud based technical web services solutions. The intense growth and tremendous financial forecast we are experiencing at HHS Technology Group can largely be attributed to our successes on these initiatives.

HHS Tech Group employees enjoy a very comprehensive and competitive benefit package:

• Company sponsored premiums on dental, vision, life insurance, and disability insurance. Monthly match on HSA and FSA if opted

• Generous 401k matching program - 100% match on contributions up to 6% of your salary - no vesting period

• Generously sponsored Medical Insurance premiums (Cigna PPO or Cigna HSA)

Salary : $130,000 - $165,000