The Platform Team at Redox Engineering builds the foundations that let application developers ship reliably - the automation, guardrails, and infrastructure that power how healthcare data moves securely through our systems.
We're looking for a Staff DevSecOps Engineer who thinks security is a design constraint, not an afterthought. You'll work at the intersection of platform engineering and security — hardening how we build, ship, and run software on our AWS/EKS platform, and making secure defaults the easy path for every engineer at Redox.
We're a fully remote team within the U.S. that operates with radical transparency and a strong bias toward ownership.
Our Engineering Culture & How We WorkPsychological Safety, Ownership & Autonomy
We make room for everyone to be heard, regardless of level. We work openly, normalize not knowing things, and treat "learning out loud" as a feature, not a liability. You'll be expected to bring your real perspective, push back when you see something wrong, and commit fully once a decision is made. As a Staff Engineer, you help cultivate our culture: you model the behavior, you embrace questions, you acknowledge mistakes.
Radical Transparency
We default to public Slack channels over DMs, post Zoom summaries back in writing, and work async whenever possible. We'd rather expose incomplete thinking in public to get better feedback than protect it in private. That applies to security work too - when you identify a risk or propose a control, you bring it to the table with a recommendation, not just a concern.
Engineering-Driven Ownership
We own the systems we maintain, not just the new features on the roadmap. You'll have latitude to identify and drive platform work - defining scope, consulting on priority, and seeing it through from design to operationalization. We measure ourselves by the value we deliver, not the process we follow.
Job Responsibilities:
Champion a security-first mindset within Engineering to help set the security posture of our platform infrastructure — supply chain hardening, secrets management, IAM/IRSA, container image integrity, and vulnerability remediation across our AWS/EKS environment
Design and build automation that makes compliance evidence continuous, not manual — translating HITRUST controls into passing tests and structured outputs that flow into our compliance tooling (Vanta)
Embed security into the platform by default: make the secure path the easy path for application engineers, through guardrails, policy-as-code, and well-documented patterns
Partner with our Security team to translate threat assessments and control gaps into engineering proposals with clear scope, tradeoffs, and recommended paths forward
Lead platform security initiatives from design to operationalization — requirements, technical design, code and code review, deployment, and documentation
Contribute hands-on to the broader platform: CI/CD pipelines, container orchestration, observability, and developer tooling — this is an IC role, not a governance role
Participate in on-call rotation and own the systems you build, including production incidents
Mentor engineers on security practices and raise the security baseline across the team
Required Skills & Experience:
8+ years in cloud-native infrastructure or platform engineering roles, with demonstrable progression in technical scope and leadership
Hands-on expertise with AWS and Kubernetes (EKS) — you've operated these in production, not just deployed them
Security depth: you understand supply chain risk, IAM/zero-trust patterns, secrets management, and vulnerability management at the platform level — not just as concepts
Experience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into concrete engineering controls — bonus if you've worked with Vanta or similar compliance automation tooling
Fluency in infrastructure-as-code (Terraform/HCL) and at least one scripting language (Python, Go, or Node.js/TypeScript)
Experience with modern CI/CD systems and the security surface they introduce — pipeline integrity, artifact signing, registry controls
Strong written communication and a track record of driving technical decisions in async, remote environments - you write proposals, not just Slack messages, and convert them to impact
Our stack — you'll be hands-on with these:
AWS, Docker, EKS
GitHub Actions (CI), ArgoCD (CD)
Kyverno, Karpenter, KEDA, VPA, Velero, Crossplane
Prometheus, Grafana, InfluxDB, Sumo Logic and Mimir
Terraform, helm and Atlantis
Postgres, Redis
Kafka
Security vulnerability reporting tools
Nice to have in your background:
Experience in a fully remote, growth-stage, or regulated-industry company
Developer enablement work — you've thought about the internal developer experience, not just the ops side
Go, Node.js, or TypeScript — we're a TypeScript shop and it helps to be comfortable there
Vanta or similar compliance automation tooling
VPN administration or enterprise network security experience
Dependency management tooling (Renovate, Dependabot)
Skills Required
- 8+ years in cloud-native infrastructure or platform engineering roles with demonstrated progression
- Hands-on expertise operating AWS and Kubernetes (EKS) in production
- Deep platform security experience: supply chain risk, IAM/zero-trust patterns, secrets management, vulnerability management
- Experience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into engineering controls
- Fluency with infrastructure-as-code (Terraform/HCL)
- Proficiency in at least one scripting language (Python, Go, or Node.js/TypeScript)
- Experience with modern CI/CD systems and securing pipeline integrity, artifact signing, and registry controls
- Strong written communication and track record driving technical decisions in async, remote environments
- Participate in on-call rotation and own systems including production incident response
- Hands-on experience with container orchestration, CI/CD, observability, and developer tooling (platform contributions)
- Experience with Vanta or similar compliance automation tooling
- Experience in developer enablement, VPN/enterprise network security, or dependency management tooling (Renovate, Dependabot)
What We Do
The short of it: Redox makes it easy to transport healthcare data between healthcare organizations and digital health companies. It's simple: you focus on innovation and caring for patients, and we take care of the nitty gritty of data exchange. The long of it: Healthcare organizations and technology vendors connect to Redox once, then authorize what data they send to and receive from partners through a centralized hub. Redox's cloud-based platform is vendor and standards agnostic and enables the secure and efficient exchange of healthcare data. This approach eradicates the need for point-to-point integrations and accelerates the discovery, adoption, and distribution of patient and provider-facing technology solutions. With hundreds of healthcare organizations and technology vendors exchanging data today, Redox represents the largest interoperable network in healthcare. Learn how you can leverage the Redox platform at www.redoxengine.com.
Why Work With Us
In order to do revolutionary things, we need a team of strong, diverse, mission-focused people. Whether we’re physically together or in our own little corner of the country, we are all focused on getting outcomes based on experimentation, data-driven decisions, and execution—and having some fun while doing it.
Gallery
.png)
