Senior DevSecOps Engineer

Senior DevSecOps / Platform Engineer

Location: Remote First Team, EST Time Zone Preferred

About the Role

As a Senior DevSecOps / Platform Engineer at Cabinet Health, you will work as a member of our engineering team to audit, design, and implement secure infrastructure solutions for our patient health platform. That includes implementing security best practices as well as working with the engineering team to build tools to help us deploy faster and remedy issues quickly. Additionally, you will work across the organization to help maintain our HIPAA compliance, manage external security audits with our partners, and monitor our cloud spend. Your initial projects will range from auditing and improving the security of our AWS infrastructure (network, IAM, secrets management) to validating and improving our overall security and infrastructure best practices. The best fit for this role is an individual with passion for sustainability and for the potential technology has to improve the quality and accessibility of healthcare. Performance will be measured by your ability to maintain our HIPAA compliance, quickly address new security vulnerabilities, and embed security best practices in all aspects of our engineering organization. This role reports into the VP of Digital and Analytics.

What You’ll Do

• Own our HIPAA Engineering and Technical compliance monitoring
• Fix issues identified by our HIPAA monitoring platform, external vendor PenTests, and your own expertise
• Participate in code reviews and engineering review board meetings to help identify potential security issues before they arise
• Work with our engineers to implement new HIPAA application specific requirements
• Set internal SLAs for technical remediation timelines
• Build out tools for the engineering team to quickly identify and simulate customer observed bugs
• Lead infrastructure architecture design of existing and future systems
• Enhance and optimize our CI/CD pipelines (Github Actions)
• Mentor junior team members
• (Bonus) Contribute on backend system engineering projects

Who you are

• 4+ years of proven experience as a Platform Engineer, DevSecOps engineer, or similar role for a company in healthcare, finance, or other highly regulated industry.
• 4+ years of proven AWS experience, specifically with network systems, Route53, RDS, ECS/Fargate, ALB, Cloudfront, Lambda, and S3
• 3+ years of proven experience writing and implementing infrastructure as code.
• 3+ years proven experience with SQL and relational database design
• 3+ years of proven experience working with containers and serverless infrastructure
• 3+ years experience building, maintaining and improving CI/CD pipelines (we use Github Actions)
• Strong technical knowledge of best practice security for networks, systems, web applications, APIs, and databases.
• Familiarity with security tools and technologies, such as OWASP, SIEM, IDS/IPS, WAF and vulnerability scanners.
• Knowledge of common adversarial Tactics, Techniques, and Procedures (Mitre Att&ck TTPs).
• Good understanding of secure software development operation best practices.
• Strong expertise in architectural engineering best practices such as blue/green deployments or other zero downtime deployments methodologies.
• Worked remotely before, or know that you'd work well with a remote team

Your personal and professional values

• Highly motivated by Cabinet’s mission: to eliminate single-use plastic in medicine - making getting better, better through healthcare that is more sustainable, higher quality, and personal
• Trustworthy: dependable, prepared, and authentic
• Care-centric: care is at the center of everything we do, starting with care for ourselves, our team, and our communities. It goes beyond the medicines we sell.
• Growth-minded, growth-driven: progress over perfection is key for our company, our team, and our own personal development. We are looking for someone who is equipped to both relish in obstacles and excel in growth momentum.
• You are comfortable being versatile and overseeing both strategy and execution as we evolve your role and team
• You have a naturally collaborative demeanor and you thrive in a dynamic, fast-paced and highly-fluid environment
• You are highly analytical with the ability to turn quantitative data into insight and actionable process optimization
• You are strongly motivated by results, and possess the ability to manage independently and take calculated risks
• You are optimistic, passionate, and humble

Bonus Qualifications

• Experience with HIPAA and HITRUST framework tied to processing, storing, and transmitting protected health information (PHI)
• Experience using Terraform and AWS CDK
• Knowledge of security standards and frameworks (e.g. ISO27001, SOC I/II/III) is beneficial.
• Relevant security certifications (e.g. GCLD, Security+, AWS/GCP Security Certifications)
• Experience developing backend system software (Python, Django, Postgres, Redis, Celery)
• Experience analyzing, optimizing, and managing AWS costs
• Experience developing applications that meet HIPAA technology and process regulations and requirements

Compensation: $135,000 - $185,000 depending on experience

Other perks:

• Competitive Base Salary and Equity Package
• Health, Dental, Vision Insurance (100% coverage of 'gold' tier plan for health, 50% coverage for dependents/spouses)
• Flexible PTO Policy and generous holiday schedule
• Cabinet 401(k), with 100% match up to 3% of salary
• 3 months paid parental leave program
• Stipend towards cell phone/internet for work from home
• Stipend towards home office set up
• Company sponsored development and wellness programs (One Medical, Talkspace, Health Advocate, Kindbody Fertility)
• Summer Fridays - company office hours are closed after 2pm on Fridays during period between Memorial to Labor Day

About Cabinet:

Cabinet began with a deep curiosity about how medicine was made and more importantly, how to improve it. Built on top of a supply chain with 3 generations of medicine manufacturing expertise, we’ve set out to provide high quality and fairly priced health essentials -- but we’re not stopping there.  Our mission is to build the world’s most human and earth centric healthcare company. We offer batch-level tested and quality certified products, and are creating an innovative platform to provide content and care beyond a pill; one that’s also focused on the elimination of pharmaceutical packaging and pill waste. We hope you will join us on this journey.

Alongside cabinethealth.com, we retail with Amazon, Grove Collaborative, Walmart.com and national physical retail chains. Our investors are predominantly healthcare and consumer founders and operators, with institutional investment from SoGal Ventures, Global Impact Fund, and Techstars - all of whom prioritize societal and environmental impact alongside financial success. Our team has diverse experience in the top consumer startups and healthcare worlds. Cabinet Health’s headquarters are based in New York City but our team is set up to operate remotely (we meet quarterly in-person a team.)