DevSecOps Engineer role at Xealth to build reliable, secure cloud infrastructure and improve health outcomes for millions.

Requirements

Support InfoSec team in running and triaging security scans using tools like Semgrep, Checkov, Lacework, or OWASP ZAP.
Develop familiarity with HIPAA and SOC2 compliance requirements and apply them to infrastructure work.
Participate in security reviews and help maintain a security-first development culture.
Contribute to and maintain AWS infrastructure using Terraform, following established patterns for modularity and reusability.
Help implement self-scaling and self-healing configurations under the guidance of senior engineers.
Support VPC, EC2, ECS, EKS, IAM, S3, and SQS environments in a production HIPAA-regulated context.
Own and improve automation scripts and pipelines using Python or NodeJS, targeting manual toil reduction across the CI/CD lifecycle.
Assist in integrating security tooling (SAST/DAST/CSPM) into delivery pipelines without blocking developer velocity.
Identify repetitive manual tasks and propose or implement automation solutions.
Monitor infrastructure health using logging and metrics tooling (Prometheus, Grafana, LGTM stack) and respond to alerts.
Participate in on-call rotations with senior engineers and contribute to blameless post-mortems.
Help document root causes and implement lasting fixes, not just quick patches.
Leverage AI tools (GitHub Copilot, Claude) to accelerate IaC authoring, documentation, and code review.

Benefits

Requirements

Support InfoSec team in running and triaging security scans using tools like Semgrep, Checkov, Lacework, or OWASP ZAP.

Develop familiarity with HIPAA and SOC2 compliance requirements and apply them to infrastructure work.

Participate in security reviews and help maintain a security-first development culture.

Contribute to and maintain AWS infrastructure using Terraform, following established patterns for modularity and reusability.

Help implement self-scaling and self-healing configurations under the guidance of senior engineers.

Support VPC, EC2, ECS, EKS, IAM, S3, and SQS environments in a production HIPAA-regulated context.

Own and improve automation scripts and pipelines using Python or NodeJS, targeting manual toil reduction across the CI/CD lifecycle.

Assist in integrating security tooling (SAST/DAST/CSPM) into delivery pipelines without blocking developer velocity.

Identify repetitive manual tasks and propose or implement automation solutions.

Monitor infrastructure health using logging and metrics tooling (Prometheus, Grafana, LGTM stack) and respond to alerts.

Participate in on-call rotations with senior engineers and contribute to blameless post-mortems.

Help document root causes and implement lasting fixes, not just quick patches.

Leverage AI tools (GitHub Copilot, Claude) to accelerate IaC authoring, documentation, and code review.