
DevSecOps Lead – Healthcare AI

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Ellipsis Health
Full Time position
Listed on 2025-11-21
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing, Systems Engineer
Salary/Wage Range or Industry Benchmark: 170000 - 200000 USD Yearly
Job Description & How to Apply Below

Job Title: DevSecOps Lead
Location: Remote, located in the US; partial in-person, San Francisco Bay Area
Department: Engineering
Reports To: SVP, Engineering

We are seeking an experienced and visionary DevSecOps Leader to establish and drive the security-first culture and practice across our engineering organization. The ideal candidate will possess deep expertise in cloud security, compliance (HIPAA, SOC2, HITRUST), and modern CI/CD pipelines, specifically applied to an Artificial Intelligence (AI) and Machine Learning (ML) product suite in the healthcare technology space. This role is critical to ensuring our AI platform maintains the highest standards of availability, integrity, security and confidentiality while rapidly scaling and evolving.

Responsibilities
  • Establish DevSecOps: Architect, implement, and lead the company’s DevSecOps program, embedding security practices, automation, and tooling directly into the CI/CD pipeline for our core AI/ML platform.
  • Compliance & Governance: Ensure all development and operational practices adhere to healthcare regulations, including HIPAA, SOC2 and HITRUST, maintaining a continuous state of compliance. This includes leading the efforts to respond to any AI-governance or compliance reviews required by our customers and partners.
  • Security Vision: Define the long-term security strategy for our cloud-native infrastructure (e.g., Kubernetes, serverless) and MLOps environment, prioritizing security-by-design.
  • Security Architecture & Automation
    • Pipeline Security: Implement automated security testing tools (SAST, DAST, SCA, IAST) in pre-production environments.
    • Infrastructure as Code (IaC) Security: Secure cloud infrastructure (e.g., Terraform/CloudFormation) and container orchestration platforms (Kubernetes/Docker) through configuration hardening, policy enforcement, and drift detection.
    • Data Security: Design and manage secrets management solutions, key management services (KMS), data encryption at rest and in transit, and secure data access controls, particularly for sensitive Protected Health Information (PHI).
    • Application Hardening: Collaborate with application development teams to advise on secure coding practices, API security, and vulnerability remediation.
  • Operations & Monitoring
    • Threat Modeling: Conduct regular threat modeling exercises for new features and system architecture changes.
    • Incident Response: Develop and maintain incident response plans for security events, leading the coordination and post-mortem analysis of security incidents.
    • Disaster Recovery: Respond to system outages and breaches, to coordinate prompt recovery of services and data.
    • Continuous Monitoring: Oversee log aggregation, security information and event management (SIEM), pen testing and real-time vulnerability scanning.
    • Business Continuity: Ensure that our infrastructure remains highly available at scale for our customers and partners.
Required Skills & Experience
  • 8+ years of experience in Information Security, with 3+ years in a leadership role driving DevSecOps transformation.
  • Deep practical experience securing cloud environments (preferably GCP) and modern infrastructure components (Containers, Kubernetes, Serverless).
  • Expertise in healthcare compliance standards (HIPAA/HITRUST) and demonstrable experience implementing controls required for certification/audit.
  • Proficiency with CI/CD tools (e.g., GitLab CI, GitOps, etc.) and implementing security gates.
  • Strong knowledge of networking, operating systems, identity and access management (IAM), and encryption technologies.
  • Bachelor’s degree in Computer Science, Information Security, or a related field.
Preferred Skills & Experience
  • Experience with MLOps security, including securing data pipelines, model registries, feature stores, and adversarial robustness testing for AI models.
  • Security certifications such as CISSP, CISM, or relevant cloud security certifications (e.g., AWS Security Specialty, Google Cloud Professional Security Engineer).
  • Experience in a fast-paced, high-growth healthcare technology startup or scale-up environment.
Cultural Alignment
  • We are looking for a collaborative leader who promotes ‘we all own security’ and…