Provation is a leading provider of clinical productivity software solutions for procedure documentation (Provation® MD and Provation® Apex), order set and care plan management (Provation® Order Sets and Provation® Care Plans), practice management, electronic medical records (EMR) and report writing (MD-Reports) and perioperative documentation (Provation® MultiCaregiver). Celebrating 25 years, we proudly serve more than 3,300 hospitals, ambulatory surgery centers (ASCs) and medical offices, including 42 of the top 50 U.S. hospitals for gastroenterology (GI) and GI surgery. Provation is headquartered in Minneapolis, MN.
Provation is seeking a DecSecOps Engineer who will champion efforts to enhance security of our public and private cloud infrastructure. Using industry best practices and security frameworks such as ISO 27001 and NIST, the DevSecOps role will help drive security automation and innovation across various cloud services and assist in security operations across the organization. The role will be responsible for working in a cross-functional manner across many different teams and product lines within the Provation ecosystem and requires strong communication skills, a knack for problem-solving and the ability to work independently.
Duties & Responsibilities:
- Responsible for helping build and maintain secure SDLC practices with a code first mentality in efforts towards continuous improvement that meet evolving security and compliance requirements.
- Self-motivated for opportunities to automate tasks pertaining to container security, hardening, baselining, vulnerability scanning, vulnerability scanning, pen testing, and CI/CD.
- Analyze, triage, and manage incoming security events based on various data points, log sources and network statistics.
- Assist the Security & Compliance team during audits and proactively identify methods for automation of evidence collection.
- Build and maintain holistic dashboards and automated reports to display the overall status of our secured environments for internal and external audiences.
- Other duties and projects as assigned.
Education & Experience
- Associate degree in a Computer Science, or related field, and two years’ experience with IT security operations, or equivalent combination of education and experience.
- Experience with DevOps, and familiarity with security standards and compliance frameworks including ISO 27001, SOC, HIPAA, HITRUST, NIST, etc.
- Experience using Azure, Code Deployment, Barracuda, NGINX, SDLC, SEIM, and OWASP is preferred
- Must have (or willingness to obtain) industry standard security certifications.
- Willingness to learn new technologies and work in a fast paced, growing and rapidly changing environment.
- Community: We have a shared sense of improving healthcare, enriching the broader world we live in and serve.
- Accountability: We own it and get it done with integrity.
- Respect: We build diverse teams that collaborate and communicate with positive intent and trust.
- Excellence: We welcome new ideas as we innovate quality solutions.
- Service: We are passionate about putting customers first.
The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They are not intended to be an exhaustive list of all duties and responsibilities and requirements.