Job Title DevSecOps Lead
Location Remote, located in the US; Partial in-person, San Francisco Bay Area
Department Engineering
Reports To SVP, Engineering
We are seeking an experienced and visionary DevSecOps Leader to establish and drive the security-first culture and practice across our engineering organization. The ideal candidate will possess deep expertise in cloud security, compliance (HIPAA, SOC2, HITRUST), and modern CI/CD pipelines, specifically applied to an Artificial Intelligence (AI) and Machine Learning (ML) product suite in the healthcare technology space. This role is critical to ensuring our AI platform maintains the highest standards of availability, integrity, security and confidentiality while rapidly scaling and evolving.
Responsibilities
- Strategy & Leadership
- Establish DevSecOps: Architect, implement, and lead the company’s DevSecOps program, embedding security practices, automation, and tooling directly into the CI/CD pipeline for our core AI/ML platform.
- Compliance & Governance: Ensure all development and operational practices adhere to healthcare regulations, including HIPAA, SOC2 and HITRUST, maintaining a continuous state of compliance. This includes leading the efforts to respond to any AI-governance or compliance reviews required by our customers and partners.
- Security Vision: Define the long-term security strategy for our cloud-native infrastructure (e.g., Kubernetes, serverless) and MLOps environment, prioritizing security-by-design.
- Security Architecture & Automation
- Pipeline Security: Implement automated security testing tools (SAST, DAST, SCA, IAST) in pre-production environments.
- Infrastructure as Code (IaC) Security: Secure cloud infrastructure (e.g., Terraform/CloudFormation) and container orchestration platforms (Kubernetes/Docker) through configuration hardening, policy enforcement, and drift detection.
- Data Security: Design and manage secrets management solutions, key management services (KMS), data encryption at rest and in transit, and secure data access controls, particularly for sensitive Protected Health Information (PHI).
- Application Hardening: Collaborate with application development teams to advise on secure coding practices, API security, and vulnerability remediation.
- Operations & Monitoring
- Threat Modeling: Conduct regular threat modeling exercises for new features and system architecture changes.
- Incident Response: Develop and maintain incident response plans for security events, leading the coordination and post-mortem analysis of security incidents.
- Disaster Recovery: Respond to system outages and breaches, coordinating prompt recovery of services and data.
- Continuous Monitoring: Oversee log aggregation, security information and event management (SIEM), pen testing and real-time vulnerability scanning.
- Business Continuity: Ensure that our infrastructure remains highly available at scale for our customers and partners.
Required Skills & Experience
- 8+ years of experience in Information Security, with 3+ years in a leadership role driving DevSecOps transformation.
- Deep practical experience securing cloud environments (preferably GCP) and modern infrastructure components (Containers, Kubernetes, Serverless).
- Expertise in healthcare compliance standards (HIPAA/HITRUST) and demonstrable experience implementing controls required for certification/audit.
- Proficiency with CI/CD tools (e.g., GitLab CI, GitOps, etc.) and implementing security gates.
- Strong knowledge of networking, operating systems, identity and access management (IAM), and encryption technologies.
- Bachelor’s degree in Computer Science, Information Security, or a related field.
Preferred Skills & Experience
- Experience with MLOps security, including securing data pipelines, model registries, feature stores, and adversarial robustness testing for AI models.
- Security certifications such as CISSP, CISM, or relevant cloud security certifications (e.g., AWS Security Specialty, Google Cloud Professional Security Engineer).
- Experience in a fast-paced, high-growth healthcare technology startup or scale-up environment.
Cultural Alignment
- We are looking for a collaborative leader who promotes “we all own security” and “security by design” mindsets. The ability to articulate complex security risks to non-technical stakeholders and partner with product managers and clinicians is essential. You must be passionate about applying cutting-edge security practices to technology that improves patient care.
Why Join Us?
- Work on technology that improves access, equity, and outcomes in healthcare
- Collaborate with a mission-driven team that blends AI innovation with clinical integrity
- Help shape the future of how patients interact with care through ethical, high-impact design
Background Checks
- As a health technology company, we reserve the right to run a background check on any applicant to which we extend an offer and to re-perform any such check at any time during the course of employment. Please know that there is no set policy on rejecting candidates because of certain background check results, and that we look at a candidate as a whole before making any decisions. We comply with all “ban the box” laws in applicable jurisdictions.
Salary and Benefits
- We offer a competitive salary of $170k-$200k+ and benefits, including a 401k that matches up to 4% of your salary, health, vision, and dental insurance, and very flexible paid time off.
Apply Now | Please email resume to careers@ellipsishealth.com