Development Security Operations (DevSecOps) Engineer
Boston, MA

Job Description

ABOUT FOUNDATION MEDICINE:

Foundation Medicine, Inc. (FMI) began with an idea-to simplify the complex nature of cancer genomics, bringing cutting-edge science and technology to everyday cancer care. Our approach generates insights that help doctors match patients to more treatment options and helps accelerate the development of new therapies. Foundation Medicine is the culmination of talented people coming together to realize an important vision, and the work we do every day impacts real lives.

ABOUT THE JOB:

The Development Security Operations (DevSecOps) Engineer is responsible for shepherding the maintenance and adoption of Cloud Security requirements. This includes creating Cloud requirement documents and proactively engaging with developers and engineers to ensure secure systems. The priority of this role is to provide business value by working with our application teams and infrastructure engineers to identify security gaps and facilitate the plan to remediate. DevSecOps Engineers may provide contributions to all aspects of our deployment methods including design, provisioning, monitoring, automation, and maintenance of our software suite, always with a primary focus on integrating security practices within DevOps operations and systems.

Key Responsibilities:

* Develop, maintain and roll out Cloud Security requirements and best practices.


* Develop reference architecture code to guide FMI engineering teams.


* Create solutions to ensure Cloud Security requirements are followed.


* Collaborate with developers and Cloud engineers to design secure systems.


* Collaborate with developers and Cloud engineers to create secure frameworks based on Cloud Security requirements.


* Conduct research on new security tools for each new project and on a regular basis for ongoing initiatives.


* Evaluate and recommend Cloud Security tools to applicable stakeholders and teams.


* Maintain and roll out Cloud Security tools used to monitor and alert.


* Be the subject matter expert for Cloud Security in response to engineering requests.


* Collaborate on the creation and maintenance of the Cloud Security documentation.


* Perform risk and threat assessments of new and existing applications.


* Perform incidence response for Cloud Security event.


* Be vigilant on assessing and discovering new threat vectors.


* Create, review, modify, and update AWS Cloud Formation and Jenkins scripts.


* Complete scripting and building of required automation and tools on an ad-hoc basis.


* Deliver solutions in an Agile methodology.


* Other duties as assigned.



QUALIFICATIONS:

Basic Qualifications:

* Bachelor's Degree.


* 3 years of work experience in DevOps.



Preferred Qualifications:

* Degree in Computer Science or a related engineering field.


* Strong background in automation.


* Ability to successfully balance security risk and business value.


* Ability to manage time-sensitive challenges as they arise.


* Strong diplomacy and interpersonal skills that include excellent skills in written communication, oral communication, collaboration, and problem solving with other departments and colleagues.


* Strong documentation skills.


* Amazon Web Service experience.


* Cloudformation development and maintenance experience.


* Experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.


* Familiarity with the Atlassian toolset including Jira and Confluence.


* Experience in managing or designing cloud deployment software.


* Scripting in Powershell as well as experience with windows automation.


* Solid understanding of JSON, XML, and related notational data representations.


* Knowledge of version control software such as Git.


* Experience with CI/CD processes and toolsets.


* Working knowledge of both Linux (RHEL and CentOS) and Windows environments.


* Understanding of HIPAA and importance of privacy of patient data.


* Excellent organization and attention to detail.



Foundation Medicine is proud to be an Equal Opportunity and Affirmative Action employer and considers all qualified applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity, ancestry, age, or national origin. Further, qualified applicants will not be discriminated against on the basis of disability or protected veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also FMI's EEO Statement and EEO is the Law and Supplement. If you have a disability or special need that requires accommodation, please let us know by completing this form. (EOE/AAP Employer)

To all recruitment agencies: Foundation Medicine does not accept agency resumes. Please do not forward resumes to our jobs alias, Foundation Medicine employees or any other organization location. Foundation Medicine is not responsible for any fees related to unsolicited resumes.