Staff DevSecOps Engineer

About Redox: Redox is on an aggressive mission to accelerate healthcare’s digital transformation with highly available, useful data infrastructure. Our core product, the Redox Engine, functions as a flexible interoperability platform that connects and powers real-time healthcare data exchanges globally. With just one secure connection, critical clinical data can be orchestrated smoothly across a growing network of 12,000+ distinct health systems and organizations, stretching across more than 100 electronic health record (EHR) environments. Redox securely processes over 1.2 billion mission-critical messages per single month across our diverse health-tech vendor, provider network, payer pool, and life sciences customer base.

Position Overview

We are seeking a highly analytical, leadership-driven, and code-fluent Staff DevSecOps Engineer to join our centralized Platform Engineering organization under a permanent, full-time remote framework open exclusively to candidates residing within the United States. In this senior individual contributor seat, you will work directly at the complex intersection of cloud infrastructure security, automated developer tooling, and pipeline resiliency—hardening how we build, ship, and operate software across our large-scale AWS and EKS platform layers. Shifting completely away from customer-facing visual storefront alterations, non-technical file entry, or basic IT helpdesk support, you will run an active container orchestration, continuous compliance testing, and automated security-by-design laboratory. This position requires an engineering authority with 8+ years of infrastructure experience who manages system guardrails fluidly natively using DevOps and cybersecurity mechanics, converts HITRUST or SOC 2 criteria into automated test suites, implements policy-as-code patterns, and mentors engineers confidently to establish highly resilient cloud defaults across the company.

Key Responsibilities

• Platform Infrastructure Hardening: Architect, implement, and maintain the underlying security architecture across our high-traffic AWS and EKS container configurations natively utilizing DevOps practices, ensuring strict isolation rules.
• Continuous Compliance Engineering: Translate complex security standards (including HITRUST and SOC 2 frameworks) into concrete automated passing tests, outputting structured signals seamlessly into our compliance engines via Vanta.
• Secure Defaults & Policy as Code: Embed automated policy-as-code guardrails directly into the developer workflow using utilities like Kyverno and Crossplane, making the secure integration track the easiest choice for application engineers.
• Pipeline Integrity Governance: Harden our modern CI/CD software delivery chains, managing supply chain risks, artifact signing, secret stores, and secure registry controls across GitHub Actions and ArgoCD nodes.
• Hands-on Core IC Contributions: Participate actively in infrastructure management using Terraform and Helm scripts, tuning cluster scaling protocols via Karpenter, KEDA, and Velero.
• Incident Triage & Telemetry Tracking: Engage inside a collaborative technical on-call rotation, managing real-time data flow optimizations and service logs using Prometheus, Grafana, and Sumo Logic dashboards.

Required Skills & Qualifications

• A minimum of 8+ years of proven professional history operating inside a cloud-native infrastructure, DevSecOps, Site Reliability Engineering (SRE), or Platform Engineering role.
• Expert Containerization Fluency: Extensive, hands-on production history administering, scaling, and troubleshooting enterprise application instances inside native AWS and Kubernetes (EKS) environments.
• Granular capability writing configuration files programmatically using Terraform (HCL) paired with scripting literacy in Go, Node.js, or TypeScript primitives.
• Demonstrated experience converting multi-layered security frameworks (HITRUST, SOC 2, or NIST rules) into concrete technical controls or automated compliance tests.
• Outstanding written communication and a proven track record driving technical architectural choices asynchronously via detailed technical proposals.
• Location Context: Position operates under 100% remote parameters open exclusively to qualified platform engineering authorities residing permanently inside the United States.

Preferred Strategic Indicators (Nice to Have)

• Prior experience operating inside a growth-stage company or highly regulated healthcare infrastructure setting.
• Familiarity navigating advanced automated auditing suites, specifically including hands-on experience utilizing Vanta software.
• Background executing enterprise network security designs, managing enterprise VPN instances, or maintaining dependency tools like Dependabot or Renovate.

What We Offer

• Structured Individual Contributor Salary Grid: A competitive annual base salary range of $190,000 – $199,000 USD, supplemented by strategic corporate stock option grants and attractive total rewards.
• 100% remote-first workspace freedom within the US, backed by an autonomous engineering execution culture.
• Guaranteed Monthly Rest & Recharge Days: Generous scheduling designs providing a guaranteed 3-day weekend every single month to prevent burnout.
• Paid Sabbatical Opportunities: Access to an exclusive "R^Charge" sabbatical module, offering 6 weeks of fully paid time off plus a dedicated stipend after tenure milestones.
• Comprehensive healthcare protection features, covering Medical, Dental, and Vision premiums entirely on Day 1 for individual personnel.
• Immediate 401(k) company matching access (50% match for up to 8% contributions) alongside 16 weeks of fully paid parental leave, productivity gear stipends, and a corporate MacBook setup.