DevSecOps Engineer (Mid/Sr)

As our first dedicated DevSecOps Engineer at Everfit, you’ll be responsible for embedding security into every stage of our development and operations processes. You’ll work closely with DevOps and engineering teams to secure our cloud infrastructure, applications, and internal systems while aligning with industry standards like ISO 27001, HIPAA, and GDPR. You’ll also play a key role in our architectural transition from a monolith to a secure, scalable, multi-region microservices platform — ready for data-driven insights and AI/ML evolution.What you’ll do at Everfit:Security Engineering & OperationsConduct regular penetration tests and vulnerability assessments.Monitor security alerts and logs to detect and respond to threats.Manage vulnerability scanning tools and patching cycles.Access & AuthenticationImplement SSO (Google Login) across all services.Enforce MFA, RBAC, and the principle of least privilege.Strengthen API authentication and authorization mechanisms.Cloud & Infrastructure SecuritySecure AWS/GCP resources, including networking and IAM.Integrate security checks into CI/CD pipelines.Apply Infrastructure-as-Code (IaC) security best practices.Governance, Compliance & AwarenessDevelop and enforce security policies and internal documentation.Support internal audits and compliance efforts (HIPAA, GDPR).Lead security awareness and training programs for staff.Incident Response & ImprovementDevelop and maintain an incident response plan.Provide ongoing recommendations for enhancing security posture.Stay current with emerging threats and solutions.