Sr. DevOps Engineer (DevOps Engineer IV) - REMOTE

About Net Health  

Belong. Thrive. Make a Difference.  

Are you looking for a meaningful and satisfying career where you have endless opportunities to grow and be financially rewarded? Net Health may be the perfect place for you.   

A high-growth and profitable company, we help caregivers harness data for human health. We also honor and respect the needs of our Net Health family and staff, which is why we offer a work-from-anywhere environment and unlimited PTO. Our welcoming and collaborative culture paired with progressive benefits makes Net Health the ultimate career home! 

As a leading-edge SaaS company in healthcare, we deliver solutions that help patients get better, faster, and live more fulfilling lives. Our software and predictive analytics cover the continuum of care, from hospital-to-home, across various medical specialties. Come join us and start the next chapter of your exciting career while helping others to live better lives.  

World-Class Benefits That Reflect Our World-Class Culture. 

Click Here to Learn More!: 

#WorkFromAnywhere #UnlimitedPTO #ComprehensiveBenefitsPackage #EmployeeResourceGroups #CasualDressCode #PrioritizedEmployeeWellness #DiversityAndInclusion #AVoice #NewHireSupport #CareerDevelopment #EducationalAssistance #EmployeeReferralBonus #ProgressiveParentalLeave    

JOB OVERVIEW

The Sr. Platform Engineer is a principal-level individual contributor who develops reusable patterns, automation, and platform foundations that drive how secure, compliant architectures are built and deployed across Net Health. Working within standards set by partner teams (Security, Zero Trust, Identity, Data, and Reliability), this role designs the infrastructure and delivery patterns that product teams build on — raising platform capability through reusable design, coaching of I/II/III engineers, and cross-functional partnership. No direct people-management responsibility.

RESPONSIBILITIES AND DUTIES

• Platform Patterns & Architecture
  • Develop reusable reference architectures and patterns for compute and storage; implement networking, identity, and security within standards set by the Network, Identity, and Security teams.
  • Design patterns for resilient data and service backends (Azure SQL, SQL Managed Instance, Storage, Redis Cache, Service Bus, Event Grid); develop and validate DR patterns against defined RTO/RPO targets.
  • Develop patterns for secrets, identity, and configuration management (Key Vault, managed identities, federated credentials, Entra workload identity) aligned with Zero Trust and Security standards.
  • Develop and maintain networking patterns (hub/spoke, Private Endpoint/Link, DNS forwarder topology, NSG and route-table patterns) that realize the architecture the Network team owns.
  • Own Azure landing zone and subscription governance patterns: management group hierarchy, Azure Policy initiatives, cost guardrails, and role-separation models defined with Security and Zero Trust.
• CI/CD & Platform Automation
  • Define and own the GitOps and continuous delivery strategy: policy gates, approval workflows, environment promotion logic, and automated rollback across platform pipelines.
  • Serve as the authoritative Terraform practitioner: versioned module libraries, policy-as-code enforcement, drift detection, and CI-integrated plan/apply with full audit trails.
  • Own the Azure DevOps multi-stage YAML pipeline standards for infrastructure deployment that all teams build from.
  • Build and maintain platform automation tooling in PowerShell and Azure CLI: self-service infrastructure templates, golden images, and operational tooling that reduce manual toil.
• Container & Application Platform
  • Own the patterns and platform for container and application hosting (Container Apps, App Service, Function Apps); implement networking integration, registry governance (ACR), identity federation, and security controls per Network, Identity, and Security team standards.
  • Define deployment patterns, scaling strategies, and troubleshooting runbooks for container workloads; drive reliability and operational maturity across hosted application surfaces.
• Observability
  • Develop platform observability patterns and tooling (Log Analytics, Application Insights, Azure Monitor); implement alerting standards and the SLO framework owned by the Reliability team.
• Security & Compliance
  • Implement platform security guardrails as Azure Policy patterns, enforcing the standards and least-privilege models owned by Security and Zero Trust; detect and remediate policy drift before it becomes risk.
  • Implement platform patterns that satisfy SOC 2, HIPAA, and HITRUST control requirements; produce audit-ready evidence for the platform layer.
• Cost & Performance
  • Contribute to cost management: right-size compute and storage, tune autoscale and VMSS profiles, optimize reservation and spot usage, and deliver dashboards and forecasts that inform decisions.
  • Identify and drive cost-reduction initiatives (caching, CDN, data lifecycle, build-farm efficiency); track realized savings and communicate ROI to engineering and finance stakeholders.
• Documentation & Knowledge Management
  • Own quality and discoverability of the platform documentation ecosystem; author ADRs, pipeline standards, and runbooks that become the trusted reference for engineering teams.
  • Drive adoption of the internal platform catalog; contribute reusable, versioned Terraform modules and patterns that eliminate one-off solutions.

QUALIFICATIONS

• Bachelor’s degree in Computer Science, Software Engineering, Information Technology, or a related field — or equivalent professional experience if you don’t have a degree
• 10+ years hands-on Azure platform engineering in multi-subscription enterprise environments, with a track record of reusable patterns and platform decisions adopted across teams.
• Deep Azure expertise across compute (VMSS, Container Apps, App Service), networking (VNet, Private Link,
  App Gateway, Front Door, DNS), data (SQL MI, Azure SQL, Storage), and identity (Entra ID, Managed Identity, RBAC).
• Terraform mastery at org scale: advanced state strategy, reusable versioned module libraries, policy-as-code enforcement, automated drift detection, and CI-integrated plan/apply with change controls.
• Azure DevOps pipeline proficiency: multi-stage YAML design, approval and environment governance, and progressive delivery patterns applied to infrastructure deployments.
• Advanced PowerShell automation with delivery of reusable platform tooling; Azure CLI proficiency in production automation and pipeline contexts.
• Deep networking expertise (VNets, routing, DNS, load balancing, private endpoints) to implement hub/spoke and zero-trust segmentation patterns in production.
• Experience implementing compliant platform patterns under SOC 2, HIPAA, and HITRUST, including producing audit-ready evidence and supporting remediation of findings.
• Knowledge of Azure landing zone design, management group hierarchy, Azure Policy, and subscription governance at enterprise scale.
• Familiarity with event-driven and messaging patterns (Service Bus, Event Grid, Storage Queues) in resilient, decoupled platform architectures.
• Preferred: Experience with Azure AI platform services (Azure OpenAI Service, Azure AI Foundry) and patterns for AI workload deployment.

REQUIRED SOFTWARE EXPERIENCE

• Terraform | Azure DevOps | Azure CLI | PowerShell
• Azure Container Apps | Azure App Service | Azure Function Apps | ACR
• Log Analytics / KQL | Application Insights | Azure Monitor | New Relic
• Azure Policy | Key Vault | Managed Identity | RBAC / Entra ID
• Private Endpoint / Private Link | Application Gateway | Azure Front Door | ExpressRoute / VPN Gateway
• Azure Cost Management | IIS

Note: This job description is not intended to be all-inclusive. Employees may perform other related duties as requested to meet the ongoing needs of the organization.

Salary Range: $120,000.00 - $150,000.00 USD

A word on Al-assisted candidate fraud & deepfakes: Our company maintains a zero-tolerance policy for the use of Al tools to misrepresent a candidate's skills, experience, or qualifications during the hiring process. We utilize advanced screening methods to detect such practices and reserve the right to disqualify and report candidates who violate this policy.