Sr Development Security Operations Engineer (Senior DevSecOps Engineer)
GHX
Job Summary
The Senior DevSecOps Engineer will be embedded within product engineering teams at GHX, focusing on implementing and maintaining secure, automated, and reliable delivery pipelines. This hands-on role involves working with developers, SREs, and product managers to enable faster, safer deployments, cost-efficient infrastructure, and adherence to enterprise security policies, operating within a centralized DevSecOps leadership framework.
Must Have
- Build and maintain CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, ArgoCD).
- Integrate security testing (SAST, SCA, DAST, container scanning) into build and deployment workflows.
- Implement Infrastructure-as-Code (Terraform, CloudFormation) for product infrastructure.
- Adopt GitOps practices for repeatable and auditable infra provisioning.
- Ensure infrastructure deployments comply with security guardrails, tagging, and cost controls.
- Collaborate with SREs to enable monitoring, logging, and observability (Prometheus, Grafana, OpenTelemetry, New Relic, CloudWatch).
- Ensure pipelines and infrastructure comply with HIPAA, SOC2, and internal security standards.
- Embed IAM, KMS, GuardDuty, Security Hub into workflows for cloud security posture.
- Implement CoE-defined cost governance practices and ensure workloads are tagged, right-sized, and cost-efficient.
- 10+ years in DevOps, Cloud, or Security Engineering.
- Strong hands-on experience with CI/CD pipeline tools.
- Proficiency in AWS services (EKS, ECS, EC2, S3, IAM, Security Hub, GuardDuty).
- Hands-on with containers & Kubernetes (Docker, EKS).
- Experience with Infrastructure-as-Code (Terraform, Pulumi, CloudFormation).
- Familiarity with observability platforms.
- Programming/scripting in Python, Go, or shell scripting.
- Strong collaboration skills in cross-functional product teams.
Good to Have
- Experience in SaaS or healthcare software environments.
- Knowledge of databases (MongoDB, Elasticsearch, SQL).
- Familiarity with compliance frameworks (HIPAA, SOC2, ISO 27001).
- Certifications: AWS Security Specialty, CKA/CKAD, FinOps Certified Practitioner.
Job Description
Senior DevSecOps Engineer
Position Summary
The Senior DevSecOps Engineer will be embedded within product engineering teams to implement and maintain secure, automated, and reliable delivery pipelines while following standards, frameworks, and guardrails set by the DevSecOps Center of Excellence (CoE).
This is a hands-on role that reports to the Manager of DevSecOps and works directly with developers, SREs, and product managers to enable faster, safer deployments, cost-efficient infrastructure, and adherence to enterprise security policies. The engineer will collaborate closely with Principal and Senior Staff DevSecOps engineers for technical guidance and mentoring while operating within the centralized DevSecOps leadership framework.
Key Responsibilities
Product Line DevSecOps Execution
- Build and maintain CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, ArgoCD) for the assigned product line.
- Integrate security testing (SAST, SCA, DAST, container scanning) into build and deployment workflows.
- Apply CoE standards, templates, and automation frameworks consistently within product environments.
- Troubleshoot and resolve DevSecOps issues, escalating complex challenges to Staff/Principal engineers.
Infrastructure & Automation
- Implement Infrastructure-as-Code (Terraform, CloudFormation) for product infrastructure.
- Adopt GitOps practices for repeatable and auditable infra provisioning.
- Ensure infrastructure deployments comply with security guardrails, tagging, and cost controls.
Observability, Security & Compliance
- Collaborate with SREs to enable monitoring, logging, and observability (Prometheus, Grafana, OpenTelemetry, New Relic, CloudWatch).
- Ensure pipelines and infrastructure comply with HIPAA, SOC2, and internal security standards.
- Embed IAM, KMS, GuardDuty, Security Hub into workflows for cloud security posture.
FinOps & Cost Awareness
- Implement CoE-defined cost governance practices in product pipelines.
- Ensure workloads are tagged, right-sized, and cost-efficient.
- Provide cost visibility to product teams and support FinOps reviews.
Collaboration & Continuous Improvement
- Work closely with developers, QA, SRE, and product managers to support secure and efficient delivery.
- Participate in CoE knowledge-sharing sessions, playbooks, and Communities of Practice.
- Contribute feedback from product teams back into the CoE to improve standards and frameworks.
- Continuously learn from Staff and Principal engineers and apply best practices within the product line.
Qualifications & Experience
Required
- 10+ years in DevOps, Cloud, or Security Engineering.
- Strong hands-on experience with CI/CD pipeline tools (GitHub Actions, GitLab CI, Jenkins, ArgoCD).
- Proficiency in AWS services (EKS, ECS, EC2, S3, IAM, Security Hub, GuardDuty).
- Hands-on with containers & Kubernetes (Docker, EKS).
- Experience with Infrastructure-as-Code (Terraform, Pulumi, CloudFormation).
- Familiarity with observability platforms (Prometheus, Grafana, OpenTelemetry, New Relic, CloudWatch).
- Programming/scripting in Python, Go, or shell scripting.
- Strong collaboration skills in cross-functional product teams.
Preferred
- Experience in SaaS or healthcare software environments.
- Knowledge of databases (MongoDB, Elasticsearch, SQL).
- Familiarity with compliance frameworks (HIPAA, SOC2, ISO 27001).
- Certifications: AWS Security Specialty, CKA/CKAD, FinOps Certified Practitioner.
GHX: It's the way you do business in healthcare
Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes.
GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions.
It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe.