Role: Cloud/SRE/DevSecOps Engineer
Location: Remote
Visa: No H1B
About the Role
We are seeking a Security & Compliance Readiness Engineer to join our General Availability (GA) Readiness initiative on a contract basis. This role owns the security hardening and technical compliance work required to bring our application to a production-ready security posture ahead of public launch. Our application handles PHI via a FHIR-compliant data layer, and our GA milestone includes navigating a significant enterprise security assessment program. Stakeholder coordination, enterprise program enrollment management, and cross-functional dependency tracking for the compliance workstream are supported by the Engineering Manager; this role focuses on the technical execution: hardening, auditing, validating, and documenting.
OTel instrumentation is a shared responsibility between both contractor roles: the paired Launch Readiness Engineer (LRE) owns the telemetry pipeline and performance observability layer; this role owns structured audit logging, log granularity requirements, and PHI/PII data masking within that same pipeline.
What You'll Do
• Execute technical security hardening tasks surfaced through our enterprise security assessment program — working from a prioritized backlog with coordination support from the Engineering Manager.
• Conduct technical spike investigations across the codebase and infrastructure configurations, auditing against security requirements and documenting findings as confirmed open, resolved, or partially addressed, with scoped implementation recommendations.
• Own the structured audit logging layer within our OpenTelemetry pipeline: defining log granularity requirements (who, what, when, where, outcome, entity identity), validating implementation, and confirming PHI/PII data masking in DataDog and other observability tooling. Coordinate with the LRE on pipeline architecture and routing.
• Audit and harden TLS configurations, cipher suite settings (FIPS 140-2 compliance), and CORS policies across application and infrastructure layers.
• Review and validate RBAC implementation across application, Kubernetes, and database layers; produce access control documentation for InfoSec evidence submission.
• Audit secrets management practices — Azure Key Vault configuration, secret rotation policies, and CyberArk or equivalent PAM integration.
• Review and validate Okta IdP configuration — session timeout enforcement, MFA policies, lockout configuration, and Saviynt IAM integration.
• Integrate and validate SAST/DAST/SCA tooling (e.g., Veracode or equivalent) into CI/CD pipelines; triage findings and drive remediation prioritization with engineering.
• Support penetration testing engagement by providing technical context, validating scope, and driving remediation of critical and high-severity findings prior to GA.
• Validate and document PostgreSQL backup enablement, restore testing procedures, encryption-at-rest configuration, and data retention policies.
• Contribute to RTO/RPO target definition and validate database rollback and recovery runbooks.
• Produce formal data flow architecture diagrams and technical compliance documentation suitable for InfoSec evidence submission.
• Own vulnerability management execution — technical triage, remediation prioritization, and tracking; report status to the Engineering Manager for upstream coordination.
• Define incident response procedures and contribute to Major Incident Management (MIM) documentation in coordination with the Launch Readiness Engineer.
What We're Looking For
• 5+ years of experience in security engineering or application security, with a track record of hands-on technical delivery in a compliance-adjacent context.
• Familiarity with enterprise security assessment programs — sufficient to execute technical tasks within an active assessment, with coordination overhead handled by others.
• Experience owning structured audit logging requirements — defining log schemas, validating implementation against compliance standards, and auditing for PHI/PII exposure in observability tooling.
• Hands-on experience with TLS/cipher hardening, CORS policy configuration, and FIPS 140-2 compliance validation.
• Working knowledge of SAST/DAST/SCA tooling (Veracode, Snyk, Checkmarx, or equivalent) and CI/CD pipeline integration.
• Experience with secrets management platforms — Azure Key Vault, CyberArk, or equivalent — including rotation practices and audit validation.
• Familiarity with Okta or equivalent IdP: session policy configuration, MFA enforcement, lockout policies, and IAM platform integration.
• Understanding of PHI/PII data handling requirements and data masking in observability and logging tooling.
• PostgreSQL experience relevant to security and compliance: backup/restore validation, encryption-at-rest, and retention policy configuration.
• Ability to produce clear technical security documentation: data flow diagrams, RBAC matrices, DR runbooks, and compliance evidence artifacts.
• Strong individual contributor mindset — able to move independently on a technical backlog with light coordination support.
• Experience with vulnerability management execution: technical triage, prioritization, and remediation tracking.
Nice to Have
• Experience in a healthcare data context — HIPAA compliance, FHIR application security patterns, or clinical data platform security reviews.
• Familiarity with enterprise security tooling: Imperva WAF, Splunk SIEM, SentinelOne, KeyFactor, OneTrust TPRM, or CyberArk PAM.
• Exposure to Azure security services — Microsoft Defender for Cloud, Azure Policy, or Azure Security Center.
• Experience coordinating with third-party penetration testing vendors and tracking findings through to remediation closure.
• Exposure to Kubernetes security hardening — network policies, pod security standards, and workload identity.
• Familiarity with OpenTelemetry pipeline architecture — sufficient to coordinate effectively with the LRE on shared instrumentation boundaries.
• Experience with ServiceNow or equivalent change management tooling for audit-relevant change records.
Engagement Details
• Contract duration aligned to GA launch milestone, with potential for extension.
• Enterprise program enrollment coordination and cross-functional stakeholder management are supported by the Engineering Manager — this role focuses on technical execution.
• Works in close coordination with a paired Launch Readiness Engineer, with a shared ownership boundary on OTel/audit logging.
• Remote-friendly; overlap with core business hours required.
DISCLAIMER: THIS IS NOT UNSOLICITED MAIL. UNDER BILL 1618 TITLE III PASSED BY THE 105TH USA CONGRESS THIS EMAIL CANNOT BE CONSIDERED AS SPAM AS LONG AS WE INCLUDE OUR CONTACT INFORMATION AND AN OPTION TO BE REMOVED FROM OUR EMAILING LIST. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, OR ARE NOT INTERESTED IN RECEIVING OUR EMAILS, PLEASE ACCEPT OUR APOLOGIES. PLEASE REPLY WITH "REMOVE" IN THE SUBJECT LINE. ALL REMOVAL REQUESTS WILL BE HONORED. WE SINCERELY APOLOGIZE FOR ANY INCONVENIENCE CAUSED.