DevSecOps Engineer

ABOUT TOMORROW HEALTH

Tomorrow Health enables exceptional healthcare for patients and their families in the place they want to be most — home. At Tomorrow Heath, we build technology that rewires the way home-based care is ordered, delivered, and paid for. Tomorrow Health connects patients, providers, health plans, and home-based care suppliers, to ensure patients receive the correct and timely care they need to remain healthy at home.

We believe that a team’s strength is in its people. Our goal is to raise the industry standard for patient experience, and we realize this cannot be achieved without a team that reflects the vast diversity in race, ethnicity, gender, sexuality, and set of experiences and perspectives of the patients we serve. We believe in putting patients first, that many perspectives are stronger than one, and in treating those we serve just as we would our own family members. If you’re passionate about improving healthcare delivery, leveraging technology to serve people, and working in a collaborative, diverse environment, we hope you’ll join us.

THE TEAM

The Technology team at Tomorrow Health builds the software and technologies that connect and scale the home health ecosystem in order to transform the home into the preferred place of care for positive patient outcomes. Our products serve a diverse set of users – doctors, insurance companies, medical equipment suppliers, and care coordinators – and ultimately enable us to deliver a higher quality patient experience. Our team of mission-driven technologists is highly collaborative, supportive, empathetic, curious, and impact-oriented. We are dedicated to leveraging data-driven insights to enable a faster, simpler, and more transparent process for patients and healthcare partners.

THE ROLE 

This is a contract role for 6-9 months.

Tomorrow Health is committed to ensuring the highest standards of security and compliance. As we continue to build our security and compliance program, we are seeking a talented and experienced DevSecOps Engineer to join our team on a contract basis. This role will be instrumental in implementing and maintaining security controls to achieve and maintain SOC 2 Type 2 compliance. In addition, they will partner with our Engineering team to integrate security practices into our DevOps processes, ensuring robust security controls are in place to protect our systems and data

In this role, you will:

• Design and implement security controls and processes to meet SOC 2 Type 2 requirements. Partnering with the Engineering team, you will:
• Implement code scanning and network vulnerability scanning solutions.
• Implement security monitoring, logging, and alerting systems.
• Implement and manage our Web Application Firewall 
• Integrate security tools and practices into the CI/CD pipeline.
• Review our infrastructure and network security, make recommendations for enhancements, and lead the implementation of those changes.
• Ensure encryption and key management practices are adhered to across all systems and data.
• In addition, you will:
• Develop documentation for security policies, procedures, and controls.
• Collaborate with development and operations teams to embed security practices throughout the software development lifecycle, and provide training and guidance to team members on secure coding practices.
• Assist with audits and assessments related to SOC 2 Type 2 compliance.

ABOUT YOU

• 5+ years of experience in a DevSecOps or similar role. 
• Knowledge of HIPPA, SOC 2 Type 2, HITRUST, or ISO 27001 requirements, and experience implementing controls to meet these standards.
• Deep understanding of AWS cloud platform infrastructure, and securing environments on AWS
• Proficiency with infrastructure as code (Terraform, Pulumi, etc.) and containerization (Docker, Kubernetes, etc.). Strong preference for Terraform experience.
• Strong knowledge of CI/CD tools (CircleCI, Github Actions, GitLab CI, etc.) and integrating security into these pipelines.
• Proficiency with security tools such as SAST, DAST, SIEM, and vulnerability scanners.
• Strong communication and collaboration skills.
• Current with emerging security trends, threats, and technologies.

Preferred Qualifications:

• Proficiency with security tools such as SAST, DAST, SIEM, and vulnerability scanners.
• Certifications such as CISSP, CISM, CEH, or similar.
• Experience with automated compliance frameworks (Vanta, Drata) and tools.
• Experience with security incident response and forensics.

Pay rate for this position: $50 to $70/hour, depending on experience and qualifications

Learn more about our core values and working with us on our careers page! 

Tomorrow Health is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law.