Software Engineer

About The Position

Requirements

• 5+ years of professional software engineering experience in a production environment, including building automation tools or platform services using Python, with clean, tested, and maintainable code
• 2+ years of experience leading the design, development, and deployment of medium-complexity features or services
• 2+ years of hands-on work experience with AWS core services (IAM, VPC, EC2/ECS, Lambda, S3, RDS) and monitoring/logging tools such as CloudWatch and CloudTrail in a production setting
• 2+ years of experience building and maintaining CI/CD pipelines with automated testing, security scans, policy enforcement, and infrastructure as code using Terraform or similar tools
• 2+ years of applying DevSecOps practices, including secrets management (Vault or similar), security scanning, dependency checks, and configuration validation to ensure secure deployments
• 2+ years of experience working with observability tools and methods for distributed systems, including structured logging, metrics, alerting, and troubleshooting, along with knowledge of identity and access control principles such as least privilege and role-based access
• 1+ years of experience working directly with production systems, including participation in on-call rotation, and proven ability to collaborate effectively across engineering and security teams

Nice To Haves

• Experience managing HashiCorp Vault in production, including configuring authentication methods, policies, KV and transit engines, performing upgrades, and handling migrations
• Experience working with container and serverless workloads on AWS (ECS, Fargate, Lambda) and applying security and observability best practices to those environments
• Experience improving security and compliance metrics for cloud accounts or applications, including automating vulnerability and configuration reporting
• Experience with security and compliance tools such as static analysis scanners, dependency and container scanning solutions, or cloud security posture management platforms
• Experience writing reusable Terraform modules and supporting multi-account AWS environments
• Hands-on participation in incident response for security events or large-scale dependency vulnerabilities
• AWS certifications such as AWS Certified Developer - Associate or AWS Certified Solutions Architect - Associate
• HashiCorp Certified Vault Associate or similar Vault-related certification.
• Security-focused certifications (e.g., CompTIA Security+, GIAC) are a plus but not required

Responsibilities

• Provide limited, short-term operational support for the legacy HashiCorp Vault environment, focusing on stability, incident response, and “keep-the-lights-on” maintenance during its decommissioning phase
• Lead the migration of secrets and encryption workflows from HashiCorp Vault to AWS Secrets Manager and AWS Key Management Service (KMS), ensuring secure, efficient, and disruption-free transitions for application and infrastructure teams
• Design, build, and maintain secure CI/CD pipelines that integrate automated testing, security scanning, and policy enforcement for application and infrastructure changes
• Define and manage AWS infrastructure as code using Terraform, applying reusable modules and safe deployment practices for networking, compute, storage, and security resources
• Partner with the enterprise Compliance and Security teams to implement security initiatives across approximately 81 applications within the UHC Consumer Engineering organization, ensuring best practices are applied to improve security posture and compliance scores
• Execute security visibility objectives to raise MBO scores toward ≥90%25 targets, track progress and drive adoption of security controls across the portfolio
• Advance enterprise CI/CD security adoption by implementing required pipeline controls, enabling automated blocking of critical vulnerabilities, and achieving ≥95%25 adoption goals
• Automate security posture and vulnerability reporting to provide actionable insights for engineering teams and support internal governance requirements
• Collaborate with application, infrastructure, and security teams to design secure, observable AWS architectures for containerized and serverless workloads (ECS, Fargate, Lambda)
• Participate in the on-call rotation for DevSecOps tooling, responding to incidents and implementing improvements to strengthen security and reliability
• Contribute to enterprise AI initiatives by developing secure, compliant AI capabilities, helping shift the organization toward building AI solutions rather than solely consuming them

Benefits

• a comprehensive benefits package
• incentive and recognition programs
• equity stock purchase
• 401k contribution