Staff DevSecOps Engineer at Redox | Torre
warning

Heads-up

The job you’re trying to post already exists in Torre:

Staff DevSecOps Engineer

You'll secure the foundation of healthcare data exchange, embedding security by design across our platform.
Emma highlights
This highlight was written by Emma’s AI. Ask Emma to edit it.
Full-time

Legal agreement: Employment

Compensation
USD190k - 199k/year
location_on
Remote (for United States residents)
Match
skeleton-gauges
You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Review preferences
Shared by
Emma of Torre.ai
9 days ago

Requirements and responsibilities


Redox is on a mission to accelerate healthcare’s transformation with useful data. Redox Engine, a flexible interoperability platform, connects and powers real-time healthcare data exchange. With just one connection, data can be orchestrated across a growing network of 12,000+ systems and organizations, including 100+ electronic health record systems (EHRs). Redox processes over 1.2 billion messages per month across our health tech vendor, provider, payer, EHR, and life sciences customers.Opportunity & ImpactThe Platform Team at Redox Engineering builds the foundations that let application developers ship reliably - the automation, guardrails, and infrastructure that power how healthcare data moves securely through our systems.We're looking for a Staff DevSecOps Engineer who thinks security is a design constraint, not an afterthought. You'll work at the intersection of platform engineering and security — hardening how we build, ship, and run software on our AWS/EKS platform, and making secure defaults the easy path for every engineer at Redox.We're a fully remote team within the U.S. that operates with radical transparency and a strong bias toward ownership.Our Engineering Culture & How We WorkPsychological Safety, Ownership & AutonomyWe make room for everyone to be heard, regardless of level. We work openly, normalize not knowing things, and treat "learning out loud" as a feature, not a liability. You'll be expected to bring your real perspective, push back when you see something wrong, and commit fully once a decision is made. As a Staff Engineer, you help cultivate our culture: you model the behavior, you embrace questions, you acknowledge mistakes.Radical TransparencyWe default to public Slack channels over DMs, post Zoom summaries back in writing, and work async whenever possible. We'd rather expose incomplete thinking in public to get better feedback than protect it in private. That applies to security work too - when you identify a risk or propose a control, you bring it to the table with a recommendation, not just a concern.Engineering-Driven OwnershipWe own the systems we maintain, not just the new features on the roadmap. You'll have latitude to identify and drive platform work - defining scope, consulting on priority, and seeing it through from design to operationalization. We measure ourselves by the value we deliver, not the process we follow.Job Responsibilities:Champion a security-first mindset within Engineering to help set the security posture of our platform infrastructure — supply chain hardening, secrets management, IAM/IRSA, container image integrity, and vulnerability remediation across our AWS/EKS environmentDesign and build automation that makes compliance evidence continuous, not manual — translating HITRUST controls into passing tests and structured outputs that flow into our compliance tooling (Vanta)Embed security into the platform by default: make the secure path the easy path for application engineers, through guardrails, policy-as-code, and well-documented patternsPartner with our Security team to translate threat assessments and control gaps into engineering proposals with clear scope, tradeoffs, and recommended paths forwardLead platform security initiatives from design to operationalization — requirements, technical design, code and code review, deployment, and documentationContribute hands-on to the broader platform: CI/CD pipelines, container orchestration, observability, and developer tooling — this is an IC role, not a governance roleParticipate in on-call rotation and own the systems you build, including production incidentsMentor engineers on security practices and raise the security baseline across the teamRequired Skills & Experience:8+ years in cloud-native infrastructure or platform engineering roles, with demonstrable progression in technical scope and leadershipHands-on expertise with AWS and Kubernetes (EKS) — you've operated these in production, not just deployed themSecurity depth: you understand supply chain risk, IAM/zero-trust patterns, secrets management, and vulnerability management at the platform level — not just as conceptsExperience translating compliance frameworks (HITRUST, SOC 2, or equivalent) into concrete engineering controls — bonus if you've worked with Vanta or similar compliance automation toolingFluency in infrastructure-as-code (Terraform/HCL) and at least one scripting language (Python, Go, or Node.js/TypeScript)Experience with modern CI/CD systems and the security surface they introduce — pipeline integrity, artifact signing, registry controlsStrong written communication and a track record of driving technical decisions in async, remote environments - you write proposals, not just Slack messages, and convert them to impactOur stack — you'll be hands-on with these:AWS, Docker, EKSGitHub Actions (CI), ArgoCD (CD)Kyverno, Karpenter, KEDA, VPA, Velero, CrossplanePrometheus, Grafana, InfluxDB, Sumo Logic and MimirTerraform, helm and AtlantisPostgres, RedisKafkaSecurity vulnerability reporting toolsNice to have in your background:Experience in a fully remote, growth-stage, or regulated-industry companyDeveloper enablement work — you've thought about the internal developer experience, not just the ops sideGo, Node.js, or TypeScript — we're a TypeScript shop and it helps to be comfortable thereVanta or similar compliance automation toolingVPN administration or enterprise network security experienceDependency management tooling (Renovate, Dependabot)Benefits & Perks100% remote first culture (must be based in the US)Unlimited Flexible Time Off15+ Observed HolidaysRest & R^Charge days (guaranteed a 3-day weekend each month)R^Charge (6 weeks paid sabbatical + stipend)401k match 50% for up to 8% on Day 1Medical/Dental/Vision Benefits on Day 1HSA & FSA, Life, Disability, Medical Travel & Employee Assistance ProgramPaid Parental Leave (16 weeks)Productivity Stipend & Wellness FundRedox Issued MacBookVirtual and/or in-person Team & Company EventsStock OptionsEmployee Referral Bonus ProgramAbout Redox - Take a look here: https://youtu.be/4OjENXR6UXAWhat We DoHealthcare organizations and technology vendors connect to Redox once, then authorize what data they send to and receive from partners through a centralized hub. Redox's cloud-based platform is vendor and standards-agnostic and enables the secure and efficient exchange of healthcare data.This approach eradicates the need for point-to-point integrations and accelerates the discovery, adoption, and distribution of patient and provider-facing technology solutions. With hundreds of healthcare organizations and technology vendors exchanging data today, Redox represents the largest interoperable network in healthcare. Learn how you can leverage the Redox platform at www.redoxengine.com.Other Stuff About UsRedox is an EEO company. We fully support the diversity of our team. As part of our ongoing work to build more diverse teams at Redox, you will be asked to complete a voluntary EEO survey when applying. This survey is anonymous, we cannot link your application record with your survey responses. We request that you complete this voluntary survey as we run monthly reports for each team which provides data for diversity in terms of gender and ethnic background in our Applicants and our Hired Redoxers. We take this data very seriously and appreciate your willingness and time to complete this step in the process.Successful candidates must be eligible to be employed in the U.S. and must reside & work in the continental U.S.
Optionally, you can add more information later (benefits, pre-screening questions, etc.)
check_circle

Payment confirmed

A member of the Torre team will contact you shortly

In the meantime, continue adding information to your job opening.