Define and lead the DevSecOps vision and roadmap across infrastructure, application, and CI/CD ecosystems.
Architect secure-by-design cloud-native systems across AWS/GCP environments.
Establish security patterns, guardrails, and reference architectures for engineering teams.
Evaluate and implement modern security tooling across SAST, DAST, SCA, container scanning, IaC scanning, and runtime protection.
Embed security controls into CI/CD pipelines and developer workflows.
Drive infrastructure-as-code security best practices (Terraform, CloudFormation, etc.).
Automate security testing and compliance checks to reduce manual overhead.
Implement policy-as-code and automated governance controls.
Lead identity and access management (IAM) strategy and least-privilege enforcement.
Strengthen container and Kubernetes security posture.
Oversee secrets management, encryption standards, and key management processes.
Partner with infrastructure teams on network segmentation, zero-trust architectures, and environment isolation.
Support and mature Alto’s security program in alignment with HIPAA, SOC 2, HITRUST, and other healthcare regulatory frameworks.
Conduct threat modeling, security design reviews, and architecture risk assessments.
Partner with Security and Compliance teams on audits and remediation efforts.
Provide senior-level leadership during security incidents, including root cause analysis and long-term mitigation planning.
Mentor senior and mid-level engineers on secure coding and DevSecOps practices.
Influence engineering leadership and executive stakeholders on security strategy and risk prioritization.
Drive cross-functional alignment across Engineering, Product, IT, and Compliance.
Raise the overall security maturity of the organization through scalable frameworks and standards.

Requirements

14+ years of experience in software engineering, infrastructure engineering, or security engineering, with significant experience in DevSecOps environments
Deep expertise in cloud security architecture (AWS and/or GCP)
Strong experience securing containerized and Kubernetes-based environments
Hands-on experience with CI/CD systems (GitHub Actions, GitLab CI, CircleCI, Jenkins, etc.)
Expertise in infrastructure-as-code (Terraform, CloudFormation) and securing IaC pipelines
Strong knowledge of application security principles, OWASP Top 10, and secure coding practices
Experience implementing and scaling SAST, DAST, SCA, container scanning, and secrets detection tools
Deep understanding of IAM, RBAC, zero-trust models, and encryption best practices
Experience operating in regulated environments (HIPAA, SOC 2, HITRUST, PCI, etc.)
Strong scripting or programming skills (Python, Go, Ruby, or similar)
Demonstrated ability to influence architectural decisions at a Staff or Principal level
Experience in healthcare, pharmacy, fintech, or other highly regulated industries (preferred)
Experience building DevSecOps programs from early-stage to scale (preferred)
Background in site reliability engineering (SRE) or platform engineering (preferred)
Security certifications such as CISSP, CISM, CCSP, or cloud security certifications (AWS/GCP) (preferred)
Experience implementing threat modeling frameworks (STRIDE, PASTA, etc.) (preferred)
Experience with observability platforms and integrating security telemetry into monitoring systems (preferred)

Benefits

dental, vision, and multiple group medical plans to choose from
a 401(k) retirement savings plan
group life insurance
accidental death and dismemberment (AD&D) insurance
flexible spending account (FSA) and health savings account (HSA)
commuter benefits
employer-paid short-term (STD) and long-term disability (LTD) insurance
additional supplemental insurance plans (spouse life insurance, legal insurance, an employee assistance program, home health testing kits, and a fertility medication discount program)
flexible vacation time
accrued paid sick time
10 paid holidays
2 floating holidays for full time non-exempt employees
eight weeks of paid parental leave for eligible employees
additional paid weeks for the birthing parent
4 weeks paid caregiver leave
a Lifestyle Spending Account allowance each month

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

DevSecOpscloud security architecturecontainer securityKubernetesCI/CDinfrastructure-as-codeapplication securityscriptingthreat modelingsecurity tooling

Soft Skills

leadershipmentoringinfluencecross-functional alignmentcommunication

Certifications

CISSPCISMCCSPcloud security certifications