DevSecOps Engineer

At Towne Park, it’s more than a job, you can make an impact.

A career with us is rewarding in more ways than one.

As a hospitality services company, our commitment is to create smiles by delivering exceptional experiences. When you work with us, you have an opportunity to impact the millions of patients, visitors and guests we proudly serve. Whether providing compassionate service that eases the anxiety of a patient and their family, creating a memorable experience for a guest in a new city, or helping a colleague, every day is a new opportunity to brighten someone else’s day and make an impact. When we see a customer, a client or one of our own team members smile, we know we made an impact. It’s why we do what we do.

Towne Park is a place where you can make a difference and create smiles every day.

Click here for important notices that may be applicable to you.

For more information about our privacy policy, please click here.

DevSecOps Engineer will own how software ships and how our cloud infrastructure stays secure — from pipeline to production.
This is a hands-on, end-to-end ownership role. Will design and operate our Azure CI/CD pipelines, codify our infrastructure and security policies, and drive remediation of security findings across the environment. Will work directly with application engineers and leadership.

Reasonable accommodations may be made to enable individuals with disabilities to perform all functions.

CI/CD & Release Engineering (Azure DevOps) 20%

• Design, build, and maintain CI/CD pipelines in Azure DevOps (YAML pipelines) for application and infrastructure deployments
• Implement multi-stage release workflows with environment promotion (dev → staging → production), approval gates, and automated rollback
• Establish branch policies, PR validation builds, and quality gates (test coverage, build health)
• Own deployment reliability: zero-downtime deployment patterns (blue/green, canary), release cadence, and deployment metrics (lead time, change failure rate, MTTR)
• Manage build agents, artifact feeds, and container registries (ACR)

2. Infrastructure as Code (20%)

• Partner closely with engineering teams to integrate security into development workflows without reducing delivery velocity.
• Develop secure coding guidance, reusable security patterns, and self-service security capabilities.
• Support security champion programs and security awareness initiatives for technical teams.
• Author and maintain all cloud infrastructure as code using Terraform and/or Bicep — no click-ops in production
• Build reusable IaC modules for common patterns (networking, app services, databases, key vaults)
• Implement state management, drift detection, and plan/apply review workflows integrated into pipelines
• Manage environment parity and configuration across dev, staging, and production
• Drive cost visibility and right-sizing through tagging standards and IaC-enforced resource policies

3. Policy as Code & Governance 3 (25%)

• Define and enforce guardrails using Azure Policy (built-in and custom definitions) across subscriptions and management groups
• Implement policy-as-code workflows so governance changes go through version control and CI, not the portal
• Enforce standards automatically: allowed regions and SKUs, mandatory encryption, network restrictions, required tags, diagnostic settings
• Integrate compliance scanning into pipelines (e.g., Checkov, tfsec, PSRule) so non-compliant infrastructure fails before deployment
• Automate collection and reporting of security control evidence to support compliance and audit requirements.
• Maintain audit-ready documentation and technical control mappings across applicable regulatory frameworks.
• Maintain audit-ready evidence of control enforcement to support SOC 2 / PCI DSS compliance efforts

4. Security Operations & Remediation (25%)

• Facilitate threat modeling exercises for applications, cloud services, APIs, and infrastructure platforms.
• Identify security design risks early in the software development lifecycle and recommend mitigation strategies.
• Design and implement secure network architectures including segmentation, private networking, web application firewalls (WAF), and cloud-native security controls.
• Monitor and remediate network exposure risks and cloud security misconfigurations.
• Support secure connectivity models including VPN, private endpoints, service meshes, and zero-trust networking architectures.
• Own vulnerability management end to end: scanning (SAST, dependency/SCA, container image, DAST), triage, severity-based remediation SLAs, and tracking to closure
• Remediate infrastructure-level findings directly (misconfigurations, patching, network exposure, identity over-permissioning); route application-code findings to engineering teams with clear severity, context, and deadlines
• Administer secrets management (Azure Key Vault) — no secrets in code, pipelines, or configuration files
• Implement and tune Microsoft Defender for Cloud and security monitoring/alerting; lead initial response and containment for security incidents
• Manage identity and access: Entra ID, RBAC least-privilege reviews, service principals/managed identities, PIM for elevated access
• Harden the network layer: NSGs, private endpoints, WAF, segmentation between environments

5. Feature Delivery Enablement (10%)

• Implement feature flag infrastructure (e.g., Azure App Configuration / LaunchDarkly) to decouple deployment from release
• Support progressive rollouts, A/B exposure controls, and kill switches for safe feature launches
• Partner with application engineers to make shipping fast and safe — your job is to remove friction, not add gates
• Support feature flag platforms and progressive delivery capabilities to enable secure, controlled feature releases.
• Implement kill-switch and rollback mechanisms to reduce deployment risk.

Education:

B.S. or Major in Computer Science

Required Licensure, Certification, etc.:

• Preferred: AZ-400, AZ-500, or equivalent

Work Experience:

• 5+ years in DevOps/SRE/Platform roles, with at least 2 years of hands-on security ownership (DevSecOps, AppSec, or CloudSec)

Knowledge & Skills:

• Deep, demonstrable Azure experience: App Services / AKS / Functions, networking, Entra ID, Key Vault, Defender for Cloud
• Expert with Azure DevOps: YAML pipelines, release management, branch policies, artifact management
• Production experience with Terraform or Bicep (both a plus), including module design and state management
• Hands-on experience with Azure Policy or equivalent policy-as-code tooling (OPA/Rego, Sentinel, Checkov, PSRule)
• Proficiency in at least one scripting language (PowerShell, Python, or Bash)
• Track record of remediating security findings yourself — not just filing tickets
• Strong communication: able to explain risk in business terms and influence engineers without formal authority

Authority to Act: Performs duties independently with minimal supervision, operating from specific and definite directions and instructions. Decisions are of a routine nature made within prescribed operating guidelines, policies and procedures. Mistakes/errors may result in work stoppage, loss of business, poor customer relations and/or damage to product, all of which can have negative financial implications for the organization.

Budget Responsibility: The employee has control over resources available only.

The working conditions and physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Requirements

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to sit or stand for extended periods of time and may be required to run; walk; handle or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Lifting Requirements

Exerting up to 50 pounds of force occasionally, and/or up to 25 pounds of force frequently, and/or greater than 10 pounds of

Force constantly to move objects.

Working Environment

The majority of work will be performed in climate-controlled environment, but may be exposed to inclement weather and varying

degrees of temperatures on occasion.

Travel

Travel of up to 15% may be required.