4+ Fortify Jobs in India

About NonStop io Technologies

NonStop io Technologies is a value-driven company with a strong focus on process-oriented software engineering. We specialize in Product Development and have a decade's worth of experience in building web and mobile applications across various domains. NonStop io Technologies follows core principles that guide its operations and believes in staying invested in a product's vision for the long term. We are a small but proud group of individuals who believe in the 'givers gain' philosophy and strive to provide value in order to seek value. We are committed to and specialize in building cutting-edge technology products and serving as trusted technology partners for startups and enterprises. We pride ourselves on fostering innovation, learning, and community engagement. Join us to work on impactful projects in a collaborative and vibrant environment.

Brief Description

We are looking for a skilled DevSecOps Engineer who can help design, automate, and secure cloud-native platforms for healthcare and life sciences clients. The ideal candidate will have hands-on experience with cloud security, infrastructure automation, CI/CD pipelines, compliance controls, and platform operations in regulated environments.

You will work closely with engineering teams, architects, security stakeholders, and client representatives to build secure-by-design systems that meet healthcare security and compliance requirements. Experience supporting AI/ML platforms, healthcare data platforms, or regulated workloads is highly desirable.

Roles and Responsibilities

• Design and implement security controls aligned with healthcare regulations, including HIPAA, HITRUST, and industry security best practices
• Ensure secure handling of Protected Health Information (PHI), Personally Identifiable Information (PII), and sensitive healthcare datasets
• Support client security reviews, vendor assessments, penetration testing remediation, and compliance audits
• Partner with engineering teams to establish secure SDLC practices and shift-left security initiatives
• Implement cloud governance policies, security baselines, and compliance automation across multiple client environments
• Build and maintain audit-ready logging, monitoring, and evidence collection mechanisms
• Support disaster recovery, business continuity, and security incident response processes
• Collaborate with healthcare product teams working on FHIR APIs, healthcare integrations, clinical applications, genomics platforms, or AI-enabled healthcare solutions
• Experience working with healthcare, life sciences, biotech, genomics, digital health, or regulated SaaS platforms is strongly preferred
• Understanding of PHI, PII, healthcare security controls, and healthcare compliance requirements
• Familiarity with healthcare interoperability standards such as FHIR, HL7, SMART on FHIR, or healthcare APIs is a plus
• Experience securing healthcare data platforms, analytics environments, AI/ML workloads, or regulated cloud environments is highly desirable
• Ability to work directly with client stakeholders and communicate security risks, recommendations, and remediation plans
• Experience participating in security assessments, audits, compliance reviews, and client-facing technical discussions
• Strong documentation and security governance skills

Requirements

• 4–7 years of experience in DevOps, DevSecOps, SRE, or Platform Engineering
• Strong experience with AWS, Azure, or GCP and cloud security best practices
• Hands-on experience with CI/CD tools such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps
• Experience with security tools, including SonarQube, Snyk, Checkmarx, Fortify, Veracode, or similar platforms
• Strong understanding of vulnerability management, IAM, threat detection, and security scanning
• Experience implementing compliance controls aligned with one or more of the following frameworks:
• HIPAA
• HITRUST
• SOC 2
• ISO 27001
• NIST Cybersecurity Framework
• PCI-DSS (where applicable)
• FDA-regulated software environments (preferred)
• Proficiency with Terraform, CloudFormation, ARM, Docker, Kubernetes, Linux, and shell scripting
• Experience with monitoring and observability tools such as Prometheus, Grafana, ELK, or Datadog
• Exposure to MLOps/AI platforms, model deployment, or AI workload management is desirable
• Strong troubleshooting, automation, networking, and cloud security skills

Why Join Us?

• Opportunity to work on a cutting-edge healthcare product
• A collaborative and learning-driven environment
• Exposure to AI and software engineering innovations
• Excellent work ethic and culture

If you're passionate about technology and want to work on impactful projects, we'd love to hear from you!

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.