DevSecOps Engineer

About The Position

Requirements

• AWS Foundations: Hands-on experience with core services including VPC, EC2, ECS, IAM, S3, and SQS.
• Infrastructure as Code: Working knowledge of Terraform; comfortable following and contributing to established module patterns.
• Scripting & Automation: Proficiency in Python or NodeJS for writing clean, maintainable automation scripts.
• Networking Basics: Solid understanding of VPC design, TLS/HTTPS, and network security fundamentals.
• Security Tooling: Some exposure to SAST, DAST, or CSPM tools (e.g., Semgrep, Checkov, OWASP ZAP, Lacework, or CrowdStrike).
• Observability: Familiarity with logging and monitoring concepts.

Nice To Haves

• EKS experience is a plus.
• Experience with Prometheus, Grafana, or similar stacks is a plus.
• Exposure to HIPAA, SOC2, or PCI-DSS compliance practices.
• Basic experience operating or deploying workloads in Kubernetes (EKS preferred).
• Awareness of pull-based deployment patterns (ArgoCD or Flux).
• AWS Solutions Architect Associate, AWS Developer Associate, or equivalent cloud certifications.
• Hands-on experience with GitHub Actions, Jenkins, or similar tools.

Responsibilities

• Support the InfoSec team in running and triaging security scans using tools like Semgrep, Checkov, Lacework, or OWASP ZAP.
• Develop familiarity with HIPAA and SOC2 compliance requirements and apply them to infrastructure work.
• Participate in security reviews and help maintain a security-first development culture.
• Support integration of ongoing BurpSuite testing.
• Contribute to and maintain our AWS infrastructure using Terraform, following established patterns for modularity and reusability.
• Help implement self-scaling and self-healing configurations under the guidance of senior engineers.
• Support VPC, EC2, ECS, EKS, IAM, S3, and SQS environments in a production HIPAA-regulated context.
• Own and improve automation scripts and pipelines using Python or NodeJS, targeting manual toil reduction across the CI/CD lifecycle.
• Assist in integrating security tooling (SAST/DAST/CSPM) into delivery pipelines without blocking developer velocity.
• Identify repetitive manual tasks and propose or implement automation solutions.
• Monitor infrastructure health using logging and metrics tooling (Prometheus, Grafana, LGTM stack) and respond to alerts.
• Participate in on-call rotations with senior engineers and contribute to blameless post-mortems.
• Help document root causes and implement lasting fixes, not just quick patches.
• Leverage AI tools (GitHub Copilot, Claude) to accelerate IaC authoring, documentation, and code review.
• Experiment with prompt-driven approaches including Gemini Enterprise to infrastructure tasks and share learnings with the team.
• Work with agentic operations/agentic engineering tools.

Benefits

• Base salary, bonus, and a comprehensive suite of benefits.
• Paid parental leave.
• Comprehensive medical, dental, and vision policies.
• Xealth covers 100% of employee premiums.
• Employee Assistance Programs.
• Xealth provides your laptop.
• Home office stipend.
• Generous learning & development opportunities.
• 401k Match: Xealth offers a dollar-for-dollar match up to 3%.
• Flexible time off.
• 10 standardized holidays.
• $500 yearly fitness stipend.