XE

[Remote] DevSecOps Engineer

Job summary

United States
Engineering

Work model

Fully remote
Only US
3 weeks ago
Job description

Note: The job is a remote job and is open to candidates in USA. Xealth is revolutionizing healthcare by leveraging data and automation to empower care providers. The DevSecOps Engineer will work closely with senior engineers and the InfoSec team to build, maintain, and improve the cloud platform, focusing on security, compliance, and automation.

Responsibilities

  • Support the InfoSec team in running and triaging security scans using tools like Semgrep, Checkov, Lacework, or OWASP ZAP
  • Develop familiarity with HIPAA and SOC2 compliance requirements and apply them to infrastructure work
  • Participate in security reviews and help maintain a security-first development culture
  • Support integration of ongoing BurpSuite testing
  • Contribute to and maintain our AWS infrastructure using Terraform, following established patterns for modularity and reusability
  • Help implement self-scaling and self-healing configurations under the guidance of senior engineers
  • Support VPC, EC2, ECS, EKS, IAM, S3, and SQS environments in a production HIPAA-regulated context
  • Own and improve automation scripts and pipelines using Python or NodeJS, targeting manual toil reduction across the CI/CD lifecycle
  • Assist in integrating security tooling (SAST/DAST/CSPM) into delivery pipelines without blocking developer velocity
  • Identify repetitive manual tasks and propose or implement automation solutions
  • Monitor infrastructure health using logging and metrics tooling (Prometheus, Grafana, LGTM stack) and respond to alerts
  • Participate in on-call rotations with senior engineers and contribute to blameless post-mortems
  • Help document root causes and implement lasting fixes, not just quick patches
  • Leverage AI tools (GitHub Copilot, Claude) to accelerate IaC authoring, documentation, and code review
  • Experiment with prompt-driven approaches including Gemini Enterprise to infrastructure tasks and share learnings with the team
  • Work with agentic operations/agentic engineering tools

Skills

  • Hands-on experience with core AWS services including VPC, EC2, ECS, IAM, S3, and SQS
  • Working knowledge of Terraform; comfortable following and contributing to established module patterns
  • Proficiency in Python or NodeJS for writing clean, maintainable automation scripts
  • Solid understanding of VPC design, TLS/HTTPS, and network security fundamentals
  • Some exposure to SAST, DAST, or CSPM tools (e.g., Semgrep, Checkov, OWASP ZAP, Lacework, or CrowdStrike)
  • Familiarity with logging and monitoring concepts; experience with Prometheus, Grafana, or similar stacks
  • Any exposure to HIPAA, SOC2, or PCI-DSS compliance practices
  • Basic experience operating or deploying workloads in Kubernetes (EKS preferred)
  • Awareness of pull-based deployment patterns (ArgoCD or Flux)
  • AWS Solutions Architect Associate, AWS Developer Associate, or equivalent cloud certifications
  • Hands-on experience with GitHub Actions, Jenkins, or similar tools

Benefits

  • Paid parental leave.
  • Comprehensive medical, dental, and vision policies. Xealth covers 100% of employee premiums.
  • Employee Assistance Programs.
  • Xealth provides your laptop and offers a home office stipend.
  • Generous learning & development opportunities for you to grow your skills and career.
  • 401k Match: Xealth offers a dollar-for-dollar match up to 3%.
  • Flexible time off & 10 standardized holidays.
  • $500 yearly fitness stipend to spend on staying active.

Company Overview

Xealth is a digital health platform that enables healthcare organizations to prescribe and monitor health tools, programs, and services. It is a sub-organization of Samsung Electronics. It was founded in 2017, and is headquartered in Seattle, Washington, USA, with a workforce of 51-200 employees. Its website is http://xealth.io.