DevOps/Platform Lead

Nsight Health• US,

2h•$160,000 - $190,000•Remote

About The Position

Nsight Health is transforming how care is delivered through Remote Patient Monitoring (RPM), Chronic Care Management (CCM), and Behavioral Health Integration (BHI). We empower healthcare providers to manage chronic conditions using real-time data, AI-enabled technology, and 24/7 clinical support. Our HIPAA-compliant platform connects patients and care teams nationwide—improving outcomes, adherence, and peace of mind. Join a fast-growing, mission-driven team that blends healthcare and technology to make a measurable difference in people’s lives. Nsight Health — Where Technology Meets Compassion. IF YOU HAVE BUILT PIPELINES THAT ENGINEERING TEAMS ACTUALLY DEPEND ON, YOU HAVE BEEN PAGED AT 2AM AND MADE SURE IT DID NOT HAPPEN AGAIN, AND YOU CARE ABOUT GETTING SECURITY RIGHT, NOT AS A BOX TO CHECK BUT AS A PREREQUISITE FOR SHIPPING CONFIDENTLY, THIS ROLE WAS BUILT FOR YOU. AS OUR DEVOPS / PLATFORM LEAD, YOU WILL OWN THE FULL DEPLOYMENT INFRASTRUCTURE FOR PRVNT: CI/CD PIPELINES, SECURITY GATES, ENVIRONMENT PARITY, SECRETS MANAGEMENT, AND THE AI NATIVE TOOLCHAIN THAT ENABLES OUR ENGINEERING TEAM TO MOVE FAST WITHOUT LEAVING COMPLIANCE BEHIND. THIS IS A GREENFIELD BUILD, NOT A MAINTENANCE SEAT. YOU WILL WORK DIRECTLY WITH THE VP OF ENGINEERING TO DESIGN AND OPERATE THE PIPELINE FOUNDATION THE ENTIRE ORGANIZATION RUNS ON. THIS ROLE SITS AT THE INTERSECTION OF PLATFORM ENGINEERING AND REGULATED HEALTHCARE. A BAD DEPLOYMENT HERE IS NOT JUST A TECHNICAL INCIDENT; IT IS A COMPLIANCE EVENT. YOU WILL DESIGN THE PIPELINE ACCORDINGLY, WITH MERGE BLOCKING SECURITY GATES, HIPAA COMPLIANT INFRASTRUCTURE CONTROLS, AND AUDIT READY EVIDENCE TRAILS THAT MAKE HITRUST R2 AND SOC 2 REVIEWS NON-EVENTS. AI FLUENCY REQUIREMENT - NON-NEGOTIABLE NSIGHT HEALTH IS AN AI-FIRST ORGANIZATION. EVERY MEMBER OF OUR LEADERSHIP AND OPERATIONS TEAM IS EXPECTED TO ACTIVELY USE AI TOOLS IN THEIR DAY-TO-DAY WORK - NOT AS A NOVELTY, BUT AS A CORE PRODUCTIVITY MULTIPLIER. THIS ROLE REQUIRES GENUINE CURIOSITY ABOUT AI, COMFORT EXPERIMENTING WITH TOOLS LIKE CLAUDE, CHATGPT, AND WORKFLOW AUTOMATION PLATFORMS, AND THE JUDGMENT TO KNOW WHEN AI HELPS AND WHEN IT DOESN'T. IF AI MAKES YOU UNCOMFORTABLE, THIS IS NOT THE RIGHT ROLE.

Requirements

5+ years in DevOps or platform engineering, with at least 2 years in a healthcare or regulated industry environment; direct, hands on HIPAA compliant deployment experience, not just theory.
Hands on AWS at production depth: EKS or ECS with working command of ECR, IAM, VPC, KMS, Secrets Manager, CloudWatch, and GuardDuty; built and operated in this stack.
IaC at production scale: Terraform required; all environment configuration is code, reviewed, and version controlled.
GitOps practice: ArgoCD or equivalent; declarative deployment, sync policies, and gating promotions across environments safely.
Demonstrated GitHub Actions experience at scale; pipelines that engineering teams rely on in production, not sandbox demos.
Observability stack ownership: Prometheus, Grafana, Loki, Tempo, OpenTelemetry, or Datadog; built or owned a real observability setup with alerting that drives action, not noise.
Container fundamentals: image lifecycle management, ECR, SBOM generation, and container scanning integrated into the pipeline as a gate.
Scripting fluency in Python and Bash; network fundamentals including VPC design, DNS, NACLs, and routing.
Demonstrated experience integrating SAST and SCA tooling (Snyk, SentinelOne, or equivalents) into CI/CD with merge blocking enforcement.
Working knowledge of HiTrust R2 or SOC 2 controls, including audit evidence requirements and how infrastructure decisions create or close compliance gaps.
Daily, demonstrated use of Claude Code, GitHub Copilot, or equivalent AI assisted development tools. This is a hard requirement. You cannot build AI native infrastructure if you have never operated inside the model.
Strong track record of platform reliability ownership; on call accountability for production systems.

Nice To Haves

Ansible experience for configuration management.
Scripting or development experience in Go.
Certifications: CKA, CKS, or AWS Solutions Architect (Associate or Professional). These signal the right foundation but do not substitute for demonstrated production experience.
Experience operating within a SaaS healthcare platform environment (RPM, CCM, or similar).
Exposure to AI native infrastructure architecture beyond standard CI/CD automation.

Responsibilities

Design, build, and own CI/CD pipelines for all new products and greenfield builds; provide support on existing pipeline infrastructure as needed.
Define pipeline standards that support parallel release streams and implement merge-blocking gates that prevent new high-severity security findings from reaching production.
Design deployments for forward progression: feature flags, canary releases, and automated validation gates that make every release safe to ship without relying on rollback.
Manage GitOps workflows using ArgoCD or equivalent with declarative deployment configuration, sync policies, and environment promotion gates.
Enforce source control standards across all repositories: branching strategy, signed commits, branch protection rules, and CODEOWNERS configuration.
Automate vulnerability detection and remediation workflows at the pipeline level: static analysis, dependency scanning, and container scanning integrated as blocking gates, not advisory reports.
Generate and maintain SBOMs for all containerized workloads; container registry scanning integrated into the pipeline as a blocking gate.
Maintain continuous audit evidence trails across all products, enabling rapid response to HiTrust R2 and SOC 2 review requests without a fire drill.
Enforce secrets management, access controls, and HIPAA-compliant infrastructure configurations: KMS, Secrets Manager, IAM policies, and GuardDuty alerting owned and maintained here.
Architect and maintain the infrastructure that supports AI-assisted development: how AI-generated output enters the pipeline, how it gets validated, and how it ships safely to production.
Enforce BAA-compliant AI tooling standards at the infrastructure level, with documented usage boundaries for non-PHI environments.
Build audit trail infrastructure and automated review gates for AI-generated code: every AI contribution entering production must be traceable, attributable, and compliant with the engineering quality bar.
Provision and manage all cloud infrastructure through IaC: Terraform required; no manual console changes to production.
Execute container orchestration on EKS or ECS: configuration, scaling, and environment consistency across all products.
Own disaster recovery planning, availability architecture, and uptime accountability across all production systems.
Build and maintain the full observability stack: Prometheus, Grafana, Loki, Tempo, and OpenTelemetry (or equivalent) with alerting that surfaces real signal, not noise.
Own VPC architecture, DNS, NACLs, and routing across environments: network configuration is infrastructure code, not tribal knowledge.