Staff DevSecOps Engineer
Redox · Remote
About The Role
Redox is on a mission to accelerate healthcare’s transformation with useful data. Redox Engine, a flexible interoperability platform, connects and powers real-time healthcare data exchange. With just one connection, data can be orchestrated across a growing network of 12,000+ systems and organizations, including 100+ electronic health record systems (EHRs). Redox processes over 1.2 billion messages per month across our health tech vendor, provider, payer, EHR, and life sciences customers.
Job Responsibilities
-
Champion a security-first mindset within Engineering to help set the security posture of our platform infrastructure — supply chain hardening, secrets management, IAM/IRSA, container image integrity, and vulnerability remediation across our AWS/EKS environment
-
Design and build automation that makes compliance evidence continuous, not manual — translating HITRUST controls into passing tests and structured outputs that flow into our compliance tooling (Vanta)
-
Embed security into the platform by default: make the secure path the easy path for application engineers, through guardrails, policy-as-code, and well-documented patterns
-
Partner with our Security team to translate threat assessments and control gaps into engineering proposals with clear scope, tradeoffs, and recommended paths forward
-
Lead platform security initiatives from design to operationalization — requirements, technical design, code and code review, deployment, and documentation
-
Contribute hands-on to the broader platform: CI/CD pipelines, container orchestration, observability, and developer tooling — this is an IC role, not a governance role
-
Participate in on-call rotation and own the systems you build, including production incidents
-
Mentor engineers on security practices and raise the security baseline across the team
Required Skills & Experience
-
8+ years in cloud-native infrastructure or platform engineering roles, with demonstrable progression in technical scope and leadership
-
Hands-on expertise with AWS and Kubernetes (EKS) — you've operated these in production, not just deployed them
-
Security depth: you understand supply chain risk, IAM/zero-trust patterns, secrets management, and vulnerability management at the platform level — not just as concepts
-
Experience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into concrete engineering controls — bonus if you've worked with Vanta or similar compliance automation tooling
-
Fluency in infrastructure-as-code (Terraform/HCL) and at least one scripting language (Python, Go, or Node.js/TypeScript)
-
Experience with modern CI/CD systems and the security surface they introduce — pipeline integrity, artifact signing, registry controls
-
Strong written communication and a track record of driving technical decisions in async, remote environments - you write proposals, not just Slack messages, and convert them to impact
Our stack — you'll be hands-on with these
-
AWS, Docker, EKS
-
GitHub Actions (CI), ArgoCD (CD)
-
Kyverno, Karpenter, KEDA, VPA, Velero, Crossplane
-
Prometheus, Grafana, InfluxDB, Sumo Logic and Mimir
- -
- Terraform, helm and Atlantis
- -
Postgres, Redis
-
Kafka
- -
- Security vulnerability reporting tools
Nice to have in your background
- -
- Experience in a fully remote, growth-stage, or regulated-industry company
- -
- Developer enablement work — you've thought about the internal developer experience, not just the ops side
- -
- Go, Node.js, or TypeScript — we're a TypeScript shop and it helps to be comfortable there
- -
- Vanta or similar compliance automation tooling
- -
- VPN administration or enterprise network security experience
- -
- Dependency management tooling (Renovate, Dependabot)
This listing was posted by a verified recruiter at Redox. Report this listing
JobSpring