Devsecops & Security Compliance Engineer

DevSecOps & Security Compliance Engineer

Apiphani is a technology-enabled managed services company dedicated to redefining what it means to support mission-critical enterprise workloads. We're a small but rapidly growing company, which means there's lots of room for growth and learning opportunities abound!

Apiphani is dedicated to creating a diverse and inclusive work environment for all as a fundamental component of our business. Diversity and inclusion are the bedrock of creativity and innovation. Without diversity of experience and thought, we would fail to progress as a company and as a team. Apiphani strives to foster an environment of belonging, where every employee feels respected, valued, and empowered. We embrace the unique experiences, perspective, and cultural background, which only you can bring to the table.

Job Description

The DevSecOps & Security Compliance Engineer will be responsible for developing, implementing, and maintaining apiphani's DevSecOps practices and security compliance programs to protect information assets throughout the software development lifecycle. This role will ensure that security and compliance requirements are embedded into apiphani's infrastructure, applications, and operational processes. The DevSecOps & Security Compliance Engineer reports to the Head of Cybersecurity.

Job Duties

• Design and implement DevSecOps frameworks and practices across apiphani's development and deployment pipelines
• Develop, deploy, and manage security compliance programs aligned with industry standards and regulatory requirements
• Develop and maintain security policies, standards, procedures, and compliance documentation
• Work with technical and business leaders at apiphani to ensure compliance with industry standards and best practices, including SOC 2, ISO 27001, CMMC and other applicable frameworks
• Implement and manage security solutions integrated into the CI/CD pipeline, including container security, code scanning, secrets management, infrastructure as code scanning, and related technologies
• Oversee security assessments, penetration testing, and vulnerability assessments to identify potential threats and security exposures throughout the development lifecycle
• Maintain security incident response plans, monitor security incidents, and conduct incident response related to application and infrastructure security
• Maintain security awareness and training programs to educate developers and operations teams on secure coding practices and security policies
• Mentor security analysts and provide day-to-day tasking and guidance
• Stay up to date with the latest developments in DevSecOps, security compliance, and cloud-native security practices
• Advise on the integration of security controls into infrastructure and application deployment processes
• Identify gaps in current security practices and solutions, and develop roadmaps to address compliance and DevSecOps maturity
• Advise on the direction and priorities of apiphani's IT projects and initiatives as they relate to security and compliance
• Participate in infrastructure and security team meetings to ensure security is embedded in technical decisions
• Advise on vendor-specific partnerships and DevSecOps solutions available for apiphani
• Support security risk assessments and help stakeholders understand business and compliance risks
• Meet with internal and external stakeholders to develop relationships and foster collaboration on security and compliance initiatives

Required Skills

• Bachelor of Science in Computer Science, Engineering, Applied Sciences, or equivalent work experience
• 5+ years of hands-on experience in security engineering, DevOps, cloud infrastructure, or application security
• Strong experience with CI/CD pipelines, container technologies (Docker, Kubernetes), and infrastructure as code (Terraform, CloudFormation)
• Professional working knowledge of information security standards and guidelines such as ISO 27001, NIST 800-53, NIST 800-171, NIST CSF, CIS, PCI DSS, and SOC 2
• At least one of the following certifications, or the ability to obtain within six months of being hired: CISSP, CRISC, SANS GIAC, or relevant cloud security certifications (AWS Security, Azure Security Engineer)
• Strong cloud platform experience with AWS or Azure, including native security services
• Experience implementing security tools and practices in cloud-native environments
• Experience with infrastructure engineering, networking, and systems administration
• Experience with one or more ticketing systems (ServiceNow preferred)
• Experience with security and compliance automation tools a plus
• Experience at an MSP or SI a plus
• Service management and governance experience with ITIL a plus
• Either has or is willing to obtain clearance
• Great communicator who can write and present effectively to both technical and non-technical audiences
• Strong analytical and critical thinking skills, thrives in a team environment
• Self-organized, deadline and detail-oriented with strong organizational skills
• Strong leadership capabilities and ownership bias
• Able to effectively prioritize competing priorities and manage multiple workstreams

Company Benefits

• Medical/dental/vision - 100% paid for employees, 50% paid for dependents
• Life and disability - 100% paid for employees
• 401K - 3% contribution, no employee contribution necessary
• Education and tuition reimbursement - up to $50K annually
• Employee Stock Options Plan
• Accident, critical illness, hospital indemnity benefits offered through our providers
• Employee Assistance Program
• Legal assistance
• Paid Time Off - up to 6 weeks per year
• Sick Leave - up to 2 weeks per year
• Parental Leave - up to 12 weeks