Sr Development Security Operations Engineer

Job Description Senior DevSecOps Engineer Position Summary The Senior DevSecOps Engineer will be embedded within product engineering teams to implement and maintain secure, automated, and reliable delivery pipelines while following standards, frameworks, and guardrails set by the DevSecOps Center of Excellence (CoE). This is a hands-on role that reports to the Manager of DevSecOps and works directly with developers, SREs, and product managers to enable faster, safer deployments, cost-efficient infrastructure, and adherence to enterprise security policies. The engineer will collaborate closely with Principal and Senior Staff DevSecOps engineers for technical guidance and mentoring while operating within the centralized DevSecOps leadership framework. Key Responsibilities Product Line DevSecOps Execution - Build and maintain CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, ArgoCD) for the assigned product line. - Integrate security testing (SAST, SCA, DAST, container scanning) into build and deployment workflows. - Apply CoE standards, templates, and automation frameworks consistently within product environments. - Troubleshoot and resolve DevSecOps issues, escalating complex challenges to Staff/Principal engineers. Infrastructure & Automation - Implement Infrastructure-as-Code (Terraform, CloudFormation) for product infrastructure. - Adopt GitOps practices for repeatable and auditable infra provisioning. - Ensure infrastructure deployments comply with security guardrails, tagging, and cost controls. Observability, Security & Compliance - Collaborate with SREs to enable monitoring, logging, and observability (Prometheus, Grafana, OpenTelemetry, New Relic, CloudWatch). - Ensure pipelines and infrastructure comply with HIPAA, SOC2, and internal security standards. - Embed IAM, KMS, GuardDuty, Security Hub into workflows for cloud security posture. FinOps & Cost Awareness - Implement CoE-defined cost governance practices in product pipelines. - Ensure workloads are tagged, right-sized, and cost-efficient. - Provide cost visibility to product teams and support FinOps reviews. Collaboration & Continuous Improvement - Work closely with developers, QA, SRE, and product managers to support secure and efficient delivery. - Participate in CoE knowledge-sharing sessions, playbooks, and Communities of Practice. - Contribute feedback from product teams back into the CoE to improve standards and frameworks. - Continuously learn from Staff and Principal engineers and apply best practices within the product line. Qualifications & Experience Required - 10+ years in DevOps, Cloud, or Security Engineering. - Strong hands-on experience with CI/CD pipeline tools (GitHub Actions, GitLab CI, Jenkins, ArgoCD). - Proficiency in AWS services (EKS, ECS, EC2, S3, IAM, Security Hub, GuardDuty). - Hands-on with containers & Kubernetes (Docker, EKS). - Experience with Infrastructure-as-Code (Terraform, Pulumi, CloudFormation). - Familiarity with observability platforms (Prometheus, Grafana, OpenTelemetry, New Relic, CloudWatch). - Programming/scripting in Python, Go, or shell scripting. - Strong collaboration skills in cross-functional product teams. Preferred - Experience in SaaS or healthcare software environments. - Knowledge of databases (MongoDB, Elasticsearch, SQL). - Familiarity with compliance frameworks (HIPAA, SOC2, ISO 27001). - Certifications: AWS Security Specialty, CKA/CKAD, FinOps Certified Practitioner GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, GHX) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement.GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX's employees to perform their expected job duties is absolutely not tolerated. Read our GHX Privacy Policy