Senior DevOps Security Engineer
Employment Type: Full-time
Position Overview
Alto Pharmacy is seeking a Senior DevOps Security Engineer to join our DevSecOps team. In this role, you will collaborate closely with engineering, IT, compliance, and security teams to enhance our infrastructure security, improve developer security tooling, and integrate best-in-class security practices across our systems. Your expertise will be crucial in maintaining a resilient, secure, and compliant environment as we scale our patient and partner-facing platforms, including Alto Technologies. You will play a key role in strengthening our DevSecOps foundation while supporting developer velocity and innovation.
Example Projects:
- Implement a Kubernetes security framework to enforce workload policies, secrets management, and network controls across clusters.
- Build security automation tools to scan Infrastructure-as-Code artifacts (Terraform, Helm charts) for vulnerabilities before deployment.
- Design and implement automated pipelines for continuous vulnerability management and remediation across cloud infrastructure.
- Lead incident response drills and create operational runbooks to improve our security readiness and incident recovery processes.
- Collaborate with engineering teams to harden CI/CD pipelines and integrate security testing into the software development lifecycle.
Responsibilities
- Lead security-focused initiatives across our cloud infrastructure, CI/CD pipelines, and Kubernetes platforms to enhance Alto’s security posture.
- Implement and manage security controls, monitoring systems, and vulnerability management programs aligned to healthcare compliance needs.
- Partner cross-functionally with DevOps, MLOps, and Engineering teams to integrate security principles early into the software development lifecycle.
- Educate and mentor engineering teams on secure coding practices, DevSecOps best practices, and infrastructure hardening techniques.
Requirements
Minimum Qualifications:
- Bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related technical field.
- 8+ years of progressive experience in DevOps, Site Reliability Engineering, Infrastructure Security, or Information Security roles.
- Hands-on experience securing cloud environments (AWS, Azure, or GCP) and automating security operations through tools like Terraform, GitHub Actions, or Jenkins.
- Ability to code in Python, GoLang, or another language.
- Strong background in Kubernetes security, container hardening, secrets management, and network security.
- Hands-on knowledge of secure coding practices in Python, GoLang, or JavaScript/TypeScript.
- Experience with vulnerability management tools, infrastructure as code (IaC) scanning, security event monitoring (e.g., Datadog, Prometheus, or Splunk), and incident response.
Preferred Qualifications:
- Experience operating in a highly regulated industry, particularly healthcare, and familiarity with HIPAA, PCI, SOC2, and HITRUST compliance frameworks.
- Knowledge of MLOps platforms and security of machine learning workflows (e.g., MLflow, Kubeflow, SageMaker).
- Prior experience leading security initiatives within CI/CD pipelines and Infrastructure-as-Code ecosystems.
- Strong communication skills with the ability to collaborate with engineering teams and leadership to drive security initiatives.
Additional Information
Additional Physical Job Requirements:
- Ability to work at a computer terminal with monitor, keyboard, and mouse for extended periods.
- Ability to stoop, bend, and reach for equipment and supplies.
- Ability to make frequent repetitive motions required to operate a computer, including wrists, hands, and fingers.
- Ability to lift, carry, push, pull, and move light objects up to 20 pounds.
- Ability to effectively communicate through verbal interactions.
- Ability to discern auditory information.
- Ability to visually perceive details to perform essential functions of the role.