Ardent

Your "ALL IN" Location Intelligence | Digital Transformation | Data Science & Analytics experts

Security Operations Center Analyst

Security Operations · Full Time · Remote · Senior · Team 51-200 · Since 2008 · H1B Sponsor

Location: United States

Posted: 33 days ago

Salary: 0

Seniority: Senior

Bachelor Degree · 4 yrs exp · English · Cyber Security

Job Description

Security Operations Center Analyst

Ardent

  • Monitor security alerts and events in a 24x7 SOC environment.
  • Perform initial triage and validation of alerts to determine severity and impact.
  • Conduct advanced alert investigation and analyze security events across identity, endpoint, and network telemetry.
  • Handle Tier I escalation workflows and support Tier II incident response activities.
  • Coordinate incident containment efforts and escalate complex incidents to Tier III as needed.
  • Monitor log ingestion pipelines and ensure data sources are functioning properly.
  • Document incidents, findings, and response actions in accordance with SOC procedures.
  • Contribute to daily reporting and provide accurate shift handoff documentation.
  • Identify trends, anomalies, and potential threats through continuous monitoring and analysis.
  • Collaborate with cross-functional teams to support incident resolution and improve detection capabilities.

Job Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field, or equivalent work experience.
  • Minimum of 4 years of experience in a Security Operations Center (SOC) or cybersecurity operations role.
  • Experience with security monitoring tools, SIEM platforms, and incident response processes.
  • Strong understanding of alert triage, escalation procedures, and incident handling workflows.
  • Experience analyzing logs, alerts, and telemetry from identity, endpoint, and network systems.
  • Ability to work in a 24x7 operational environment, including shift-based coverage.
  • Must hold at least one of the following certifications or equivalent: GCIA, GCIH, CISSP, CEH, or similar cybersecurity certification.

Benefits

  • competitive pay
  • comprehensive health coverage
  • flexible PTO
  • federal holidays off
  • tuition reimbursement
  • professional development support
  • wellness stipends
  • culture that values and rewards hard work, dedication, and adaptability


More Security Operations Jobs


Senior Security Engineer, Security Incident Response Team

GitLab

GitLab, founded in 2011 and based in San Francisco, California, maintains a distributed team of professionals that work remotely across multiple continents. GitLab advocates for pr

  • Lead and coordinate end-to-end incident response for high-severity security events within a 24/7 global on-call model, with this role operating during U.S. business hours.
  • Prepare clear executive communications that keep stakeholders informed during incidents.
  • Investigate complex security incidents across cloud environments, applying strong Digital Forensics and Incident Response (DFIR) methodologies.
  • Partner with Signals Engineering to design and implement detection capabilities, including SIEM use cases, alerting strategies, and telemetry pipelines.
  • Build and enhance automation and AI-assisted workflows to improve triage, investigation speed, and response consistency.
  • Partner with Threat Intelligence to contextualize threats and improve detection coverage.
  • Conduct root cause analysis (RCA) and lead post-incident reviews to drive continuous improvement and risk reduction.
  • Develop and maintain runbooks, playbooks, and operational documentation.
  • Collaborate cross-functionally (Engineering, Infrastructure, Legal, Product, Communications, etc.) during incidents and lead proactive initiatives (e.g. tabletops).
  • Mentor other engineers and help elevate the team’s overall incident response maturity.

United States
$139.2K - $218.4K / year

Security Operations Analyst

Learning People Global

We are specialists in helping people acquire the right skills and qualifications they need to land their dream job.

Full Time · Remote · Team 51-200 · Since 2010 · H1B No Sponsor

  • Receipt and categorisation of initial events, incidents and requests from customers.
  • Provide initial triage and trigger escalation/assignment as appropriate.
  • Investigation of event alerts and liaising with the customer to confirm closure.
  • 24/7 rota in 8 hour shift pattern.

United Kingdom
£30K - £40K / year

Development Security Operations Engineer

Sellers Dorsey

Sellers Dorsey is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law. If you need a reasonable accommodation for any part of the employment process, please contact us by email at HumanResources@sellersdorsey.com and let us know the nature of your request and your contact information. Sellers Dorsey maintains a Drug-Free workplace.

Full Time · Remote · Team 201-500

Role Description

Sellers Dorsey is seeking a new Development Security Operations Engineer (DevSecOps Engineer) who will be responsible for bridging the gap between software development and security engineering operations. As the DevSecOps Engineer, you will design, build, and maintain automated systems and tools that facilitate software development, testing, deployment, and monitoring, with a strong focus on continuous integration and continuous delivery (CI/CD) practices. You will also streamline the software release life cycle for the firm – ensuring efficient and reliable software delivery, infrastructure development, and system performance – and complete other duties as assigned.

Key Responsibilities

Security & Monitoring:
  - Develop and implement application security vulnerability practices.
  - Deploy CNAPP/CSPM using tools like Microsoft native Defender for Cloud, Prisma Cloud, Wiz.
  - Implement security best practices within the CI/CD pipeline and infrastructure to ensure application security.
  - Responsible for GitHub Enterprise Administration.
  - Ensure proficiency in application penetration testing.
  - Assist developers with training and resolving vulnerabilities in a timely manner.
  - Active participation in Change and Architecture Review Meetings.

Automation:
  - Develop and implement automation scripts to streamline repetitive tasks like infrastructure provisioning, code builds, testing, deployments, and monitoring across different environments.
  - Design, build, and maintain continuous integration and continuous delivery pipelines using tools like Sonar, Azure DevOps, GitLab.

Infrastructure Management:
  - Manage cloud infrastructure in Azure, including provisioning, scaling, and configuration management using tools like Terraform or Ansible.
  - Set up monitoring/alert systems to identify potential issues in production environments and create alerts to notify relevant teams.
  - Work closely with our developers, QA engineers, and system administrators to identify and resolve issues throughout the development lifecycle.
  - Debug and troubleshoot technical issues related to deployments, infrastructure, and application performance.

Continuous Learning & Application:
  - Research and analyze the latest security threats, emerging technologies, and DevSecOps trends to stay ahead of evolving risks.
  - Engage in ongoing professional development by attending training sessions, obtaining certifications, and actively participating in industry discussions.
  - Apply new knowledge to improve security strategies, enhance system protections, and drive innovation in DevSecOps practices.

Qualifications
  - Bachelor's degree in Computer Science, Information Systems, or equivalent technical discipline.
  - Four (4) years of experience in a DevSecOps or DevOps Engineer role.
  - Proven experience as a DevOps Engineer, with a focus on Microsoft technologies.
  - Knowledge of security best practices in DevOps.
  - Experience with monitoring tools like Prometheus, Grafana, or Azure Monitor.
  - Experience with security frameworks and compliance standards (e.g., HIPAA, HITRUST, SOC2, ISO 27001, NIST, GDPR, etc.).

Additional/Preferred Education and Certifications
  - Programming Languages: Proficiency in scripting languages like Python, Bash, Ruby, and PowerShell.
  - Version Control: Expertise in Git and related branching strategies.
  - Cloud Computing: Deep understanding of the Azure cloud platform.
  - Configuration Management Tools: Experience with tools like Ansible, Chef, or Puppet.
  - Security: Sonar Qube, Acunetix, Prisma Cloud, Wiz, Defender for Cloud.
  - CI/CD Tools: Knowledge of Sonar, Azure DevOps, or similar platforms.
  - Monitoring Tools: Familiarity with tools like Prometheus, Grafana, and Datadog.

Other Requirements
  - Customer-focused – providing consistent service excellence.
  - Problem-Solving Skills: Strong analytical skills to identify and solve security and operational challenges in a timely and effective manner.
  - Collaboration and Communication: Ability to work closely with development, operations, and security teams to ensure smooth deployment and integration of new software releases.
  - Excellent communication skills to articulate security concerns and solutions effectively.
  - Strong interpersonal and conflict resolution skills.
  - Critical thinking and problem-solving skills.
  - Attention to detail.
  - Flexible thinking, including the ability to pivot and try new approaches when faced with challenges.
  - Ability to work on multiple projects in various stages simultaneously.
  - Desire to work in a fast-paced, high-energy environment.
  - Ability to prioritize and demonstrate relentless discipline in achieving goals.

Compensation & Benefits
  - The anticipated salary range for candidates is $105,400/year in our lowest geographic market range to up to $140,000/year in our highest geographic market range.
  - The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type and years of experience within the industry, the candidate’s education, and the candidate’s market location.
  - The successful candidate will also be eligible to participate in our annual Corporate Incentive Plan (CIP) that can range up to 10% of annual salary.
  - Eligible to enroll in group healthcare plans that offer medical, dental, and vision.
  - Eligible for insurance plans offering short-term disability, long-term disability, and basic life.
  - Employees can enroll in Sellers Dorsey’s 401k plan provided they meet plan requirements.
  - Sellers Dorsey offers Flexible Time Off that allows employees to use what they need.
  - 10 paid holidays throughout the calendar year.
  - Paid time off for qualifying medical leave, and up to 12 weeks of combined paid parental and bonding leave.

Company Description

Sellers Dorsey is a healthcare impact strategy firm focused on improving care access, quality, and outcomes for our nation’s most vulnerable populations. We work with providers, managed care organizations, state entities, and others, to design, implement, fund, and optimize sustainable programs that deliver maximum impact to underserved communities.

United States
$105.4K - $140K / year

CSOC Analyst

Fastly

Fastly’s edge cloud platform enables the best of the web to thrive, and helps you deliver better online experiences.

Full Time · Remote · Team 501-1,000 · Since 2011 · H1B Sponsor

  • Active Incident Response: Lead the identification and mitigation of high-impact security events. You will analyze sophisticated traffic patterns and implement precise countermeasures, including rate limiting and custom WAF & Security rules, to neutralize threats in real time.
  • Managed Security Delivery: Serve as a primary security consultant for MSS customers. This involves continuous tuning and refining of security policies to optimize detection accuracy and maintaining a hardened security posture tailored to each client's unique environment.
  • Advanced Threat Hunting: Conduct data-driven investigations using log analysis to uncover potential threats and hardening opportunities.
  • Security Intelligence & Reporting: Author comprehensive After Action Reports (AARs) and monthly security summaries. You will translate complex telemetry and attack data into high-level actionable insights for customer stakeholders.
  • Strategic Communication: Act as the Subject Matter Expert (SME) during active security incidents. You will provide clear, calm, and professional guidance via real-time communication channels, ensuring customers are informed and confident in our defensive strategy.

Japan
Job Closed