Principal DevSecOps Engineer

Описание вакансии

The Principal DevSecOps Engineer will serve as a senior technical leader within the DevSecOps Center of Excellence (CoE), driving automation, security, observability, and cost optimization across the enterprise. This role operates at the CoE level—establishing global standards, frameworks, reusable automation modules, and governance that enable consistent and secure software delivery at scale.

This individual will act as a technical authority, mentor, and cross-functional collaborator, ensuring that DevSecOps best practices are applied across CI/CD pipelines, infrastructure-as-code (IaC), cloud security, and FinOps. The role requires strong hands-on expertise in DevSecOps tooling, a deep understanding of modern cloud-native architectures, and the ability to influence product teams through thought leadership, frameworks, and reusable solutions.

Key Responsibilities 

Technical Leadership & CoE Governance 

• Act as the technical lead for the DevSecOps CoE, driving strategy and execution of security, automation, and observability practices.

• Design and maintain reusable CI/CD frameworks, IaC modules, and security guardrails for consistent adoption across all product lines.

• Define, document, and enforce DevSecOps standards, policies, and best practices.

• Mentor embedded DevSecOps engineers and provide guidance on pipeline design, automation, cost optimization and compliance.

CI/CD Architecture & Automation 

• Architect and optimize CI/CD pipelines (GitHub Actions, GitLab CI, ArgoCD, Jenkins, Artifactory, Veracode) to enable frequent, secure deployments.

• Integrate SAST, SCA, DAST, and container scanning into delivery workflows.

• Establish GitOps practices using Terraform, Pulumi, or Crossplane for infrastructure provisioning.

• Track and drive improvements in DORA metrics (deployment frequency, lead time, MTTR, change failure rate).

Security, Compliance & Observability 

• Implement “shift-left” security by embedding security testing and compliance automation into pipelines.

• Partner with Security and SRE teams to enforce SLIs, SLOs, and error budgets in delivery pipelines.

• Advance unified observability initiatives by integrating New Relic, Datadog, Prometheus, Grafana, OpenTelemetry, and CloudWatch into pipelines.

• Ensure compliance with HIPAA, SOC2, GDPR, and internal governance frameworks.

FinOps & Cost Governance 

• Build cost-awareness into CI/CD and IaC workflows by embedding FinOps checks and cost gates.

• Collaborate with FinOps and Cloud teams to enforce cost tagging, rightsizing, and efficiency standards.

• Provide insights and automation for cloud cost optimization across AWS services (EKS, ECS, EC2, S3, RDS, containers).

Cross-Functional Collaboration 

• Partner with Engineering, Product, SRE, and Security leaders to align on standards and frameworks.

• Drive knowledge sharing and enablement through playbooks, templates, documentation, and internal CoP (Community of Practice) sessions.

• Act as the escalation point for complex DevSecOps technical challenges across teams.

Qualifications & Experience 

Required 

• 15+ yearsin DevOps, Cloud, or Security Engineering, with expert-level technical leadership in DevSecOps.

• Strong expertise in CI/CD pipeline design, automation, and governance.

• Hands-on with CI/CD tools: GitHub Actions, GitLab CI, ArgoCD, Artifactory, Jenkins, Veracode, SonarQube.

• Deep experience with cloud security and AWS services (IAM, KMS, GuardDuty, Security Hub, CloudTrail).

• Proficiency in containers & orchestration (Docker, Kubernetes, EKS, ECS).

• Strong hands-on with Infrastructure-as-Code and GitOps (Terraform, Pulumi, Crossplane, CloudFormation).

• Familiarity with observability platforms (New Relic, Datadog, Prometheus, Grafana, OpenTelemetry, CloudWatch).

• Programming/scripting expertise in Python, Go, C#, and shell scripting.

• Knowledge of DORA metrics and proven success in improving delivery performance.

• Practical experience with FinOps practices and cost governance.

Preferred 

• Experience in large-scale SaaS or healthcare environments.

• Knowledge of databases: MongoDB, Elasticsearch, SQL Server, Oracle.

• Certifications: AWS Security Specialty, CKA/CKAD, FinOps Certified Practitioner, CISSP, CCSP.

• Strong ability to influence across global teams without direct authority.

Estimated Salary Range: $182,000 - $214,000 plus bonus

The base salary range represents the anticipated low and high end of the GHX’s salary range for this position. The base salary is one component of GHX’s total compensation package for employees. Other rewards and benefits include: health, vision, and dental insurance, accident and life insurance, 401k matching, paid-time off, and education reimbursement, to name a few. To view more details of our benefits, visit us here: https://www.ghx.com/about/careers/

#LI-SR

GHX: It's the way you do business in healthcare

Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes.

GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions.

It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe.

*Disclaimer*

Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement.GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated.

Read our GHX Privacy Policy