Engineering Manager, Security Engineering (DevSecOps)

Help Us Shape the Future of Healthcare 

At League, we’re big on building connections - both through our product and with each other. Our platform is consumer centric, personalized and always on. We’re reimagining the health benefits experience to give people a more consumer-centric way to manage their health: immediate, seamless, and tailored to their unique needs. It’s a front door to healthcare that empowers people to live healthier, happier lives. Every day.

The Role

League’s Security Engineering teams are responsible for scaling security in the development lifecycle and managing security incident management. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to ultimately make it easier for our engineers to do the right thing. As a DevSecOps Manager you will care deeply about “what we build, how we build it, where it runs, and beyond”. You have peers in Security Engineering who care about “building secure apps” at League, your role is to ensure the correct processes are applied to our application, and that the environment it lives in is secure. This role will focus on Secure Build, Deployment Gatekeeping, Secure Infrastructure, and Automated Reporting. DevSecOps Engineers on our DevSecOps team take pride in how fast and how far we can scale security. Security isn’t the last check before go-live, it’s baked into the Development Lifecycle.

As always, if this is your skillset we encourage you to apply. We also accept and encourage applicants who have existing software engineering experience and want to explore security and applicants who may have done a security program in a post-secondary institution. There are people across the engineering organization who are ready to help grow technical skills and who want to learn more about security.

In this role, you will:

• Be capable of writing and reviewing code at a Senior Engineer level, although this may not take a significant amount of your day
• Manage and Run a Software Team in an Agile fashion producing Roadmaps and helping to paint a vision for the future of Security
• Be expected to manage multiple tools and configurations in an “as code” way and be at the front of the Security as Code movement. 
• We have high expectations for repeatability and configurability, you will have similar.
• You’ll be a candidate who sees the manual context of current security insufficient and should be more automation oriented.
• Ensure our Infrastructure is abiding by the latest Security standards, managing infrastructure changes and configuration with Code
• Secure our Kubernetes footprint inside and out, including deployment
• Secure and Audit the build process ensuring quality
• Author and distribute security controls integrated into pipeline tooling
• Own our Security tooling (Snyk, Veracode, Wiz, Falco, OPA)
• Balance the Build vs Buy decision, understanding the inner workings of tools and how best to leverage them in an ecosystem to benefit us, the customer.
• Work together with technical individuals in our security, platform, and product functions to drive security into their tools and processes

 About You:

• You have a degree in a security, computer science or software engineering from a reputable post-secondary institution
• You have between 4 and 7 years of experience within Cloud Security and/or DevSecOps
• You have experience with a CSPM (Wiz, Snyk)
• You have knowledge regarding security tools (Sysdig, Snyk, Trivvy, Sonarqube)
• You are able to write code in Python, Go or similar higher level languages
• You are proficient in one or more clouds. GCP, AWS, Azure, or similar
• You may have authored, owned, and operated a Kubernetes Application stack before
• You may have experience with Serverless Eventing/Serving (Lambda, CloudRun, Knative)
• You have Infrastructure as Code (Terraform, Ansible) experience
• You have managed (at scale) pipeline infrastructure distributing pipeline files to application repositories with one of the major vendors (Github, Gitlab, Jenkins, CircleCI, Tekton)
• You have experience rolling out and integrating new tooling, security or otherwise
• You have intimate knowledge of the complete SDLC and how to build, gate, and govern it
• You enjoy reading up on the latest security topics.
• You are a collaborator at your core