DevSecOps / Platform Engineer (Boston preferred)

RightMove Health•Boston, MA

1d•Onsite

About The Position

RightMove is redefining how value-based musculoskeletal (MSK) care is delivered. Built in partnership with the Hospital for Special Surgery (HSS), we’re creating a new standard of coordinated, expert-led care that gets people moving better and faster. We partner with PCPs, Orthopedic specialists, and health plans to deliver high-value, patient-centered MSK care. Our value-based care model includes patient engagement, virtual physical therapy, and care navigation to high-value imaging and specialty partners. We run a serverless-first stack on AWS, and we operate as a true DevOps org: engineers build and own their own infrastructure, but we’re looking to add a DevOps/Platform engineer to the team to help us grow. This is a sole-platform-engineer role today, with real autonomy and real scope. You’ll work across infrastructure, developer experience, and security/compliance. You’ll build tooling so that we don’t have to keep reinventing the wheel; you’ll standardize and update our infrastructure; and you’ll own and update our CI/CD pipeline so we can deploy code safely and quickly.

Requirements

Strong AWS experience, especially serverless (currently AppSync and Lambdas, but we’re considering a move to API Gateway).
Solid infrastructure-as-code expertise (Terraform, CloudFormation, CDK, or similar).
A platform mindset: you measure your success by how productive you make other engineers, not by how many tickets you close.
Comfortable in code: not afraid to edit application code to achieve infrastructure or tooling goals.
Solid grasp of cloud security fundamentals (IAM, network boundaries, secrets, least privilege).
CI/CD pipeline experience and a bias toward automation.
Comfort operating with autonomy in a small team where you’ll likely wear many hats.

Nice To Haves

CDK experience is a plus, but strong IaC fundamentals matter more.
Experience supporting SOC 2, HIPAA, or similar audits/compliance regimes.
SSO / identity tooling (Okta, AWS IAM Identity Center, etc.).

Responsibilities

Build and maintain reusable infrastructure components, so application engineers can safely stand up new components without shooting themselves in the foot.
Take the lead on improving observability (monitoring, alerting, etc), so it’s easy for application engineers to know that their code is running, and to learn about issues before users have to report them.
Solve concrete infra needs as they arise — everything from setting up SFTP sites for customer file-sharing to creating a pathway so that outbound API requests are sent from a fixed IP.
Standardize and harden our AWS footprint, with security, budget, and HIPAA considerations front of mind.
Make our CI/CD pipelines faster and more effective.
Solve developer pain points like shared dev environments and locally running code.
Help us move to the next stage of maturity with improved monitoring and alerting tools.
Own security tooling integration across our SDLC — embedding automated scanning and policy enforcement so that security is a feature of our delivery pipeline, not a final gate.
Run and tune SAST, DAST, SCA, and container scanning tools so the signal-to-noise ratio is actually usable.
Implement guardrails and controls using AWS-native services such as AWS Security Hub, GuardDuty, and Config; conduct regular vulnerability scans, configuration reviews, and remediation tracking.
Threat model new services and architecture changes before they ship, ideally during design review rather than after launch.
Act as the technical interface to our outsourced IT department and recognize when our users need additional support.