Development Security Operations Engineer

The Doctors Company Information Technology team has an opportunity for a Development Security Operations Engineer. This is a telecommuter or hybrid or opportunity depending on the final candidate’s location from the company's office. **

Position Summary**

Work closely with management and senior security team members to ensure the confidentiality, integrity, and availability of the organization's systems applications. You will be responsible for assessing, analyzing, and improving the security of software applications. You will work closely with the development team to identify vulnerabilities and implement security measures to protect the application and its users. You will also be involved in conducting security assessments, performing code reviews, and providing guidance on secure coding practices. Integrate security practices into the software development and operations processes, ensuring that security is built into every stage of the software development life cycle (SDLC). Your goal is to create a secure and efficient development environment where software is delivered quickly and securely. **

Qualifications**

• Bachelor’s degree in computer science, Information Security, or a related field.
• Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.
• Proven experience as a DevSecOps Engineer or a similar role, with a strong focus on application security.
• In-depth knowledge of software development lifecycle and secure coding practices.
• Experience with security testing tools and techniques, such as static analysis, dynamic analysis, and fuzz testing.
• Familiarity with cloud platforms and security best practices for cloud environments (e.g., Azure, Azure serverless functions, AWS).
• Strong understanding of networking protocols, web application architecture, and common security vulnerabilities.
• Proficiency in programming, scripting, and automation using languages like Microsoft .NET C#, Python, PowerShell, Bash, Web languages (HTML, JS, CSS, Etc.)
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and security considerations in containerized environments.
• Familiarity with DevOps practices and tools, such as version control systems (e.g., Git), continuous integration/continuous deployment (CI/CD) pipelines, and infrastructure automation.
• Excellent problem-solving and communication skills.
• Ability to work effectively in a fast-paced and collaborative environment.
• Experience with Cloud Security Posture Management (CSPM) tools (such as WizIO) a plus.

Salary Range: $112,700 - 139,217 **

Responsibilities**

• Promote secure coding practices within software development team standups and code review sessions, relaying planned release timelines and risks to the security team.
• Collaborate with developers to integrate security controls into the development lifecycle.
• Lead the implementation of DevSecOps best practices, with an emphasis on integrating automated security testing into Azure cloud optimized CI/CD pipelines.
• Take a leading role in integrating static code analysis tools (Snyk) into company CI/CD pipelines (Azure Dev Ops, Jenkins, StarTeam).
• Continuously monitor and improve code analysis processes.
• Review code analysis findings, identifying false positives and prioritizing remediation efforts by criticality.
• Perform dynamic security testing of web applications using Burp Suite, Rapid7 Insight AppSec, and other tools, manually validating findings as needed to reduce false positives and prioritize corrections.
• Take an advisory role in securely integrating infrastructure as code tools (Bicep).
• Perform security assessments, vulnerability testing, and detailed risk analysis to ensure compliance with industry standards and regulatory requirements.
• Evaluate existing IT infrastructure, identifying areas for security improvement.
• Identify opportunities to automate security controls, collaborating with the security team to review and enhance identity management, and security engineering automation.
• Work closely with infrastructure teams to identify and enforce security policies and controls within the Azure cloud environment.

About The Doctors Company

The Doctors Company is the nation’s largest physician-owned medical malpractice insurer. Founded and led by physicians, we are committed to advancing, protecting, and rewarding the practice of good medicine.

The Doctors Company is proud to be Certified™ by Great Place to Work®.