DevOps & Security Engineer

careMESH is an agile, early-stage company at a critical inflection point. We are seeking a Cloud Infrastructure expert to take full ownership of our Google Cloud Platform (GCP) environment. As our first dedicated DevOps/Security hire, you will bridge the gap between development and operations, ensuring our infrastructure is scalable, cost-efficient, and—most importantly—hardened against threats.

Your mission is to build a "secure by default" culture while automating everything from deployment pipelines to compliance auditing.

Core Responsibilities:

1. Infrastructure as Code (IaC) & Automation

• Architect and maintain our GCP production and staging environments (using Terraform).
• Eliminate manual configuration to ensure all infrastructure is version-controlled and reproducible.
• Optimize CI/CD pipelines (GitHub Actions) to ensure safe, zero-downtime deployments.
• Set up and maintain secure connections with customers (i.e., VPN, SMTP, and EHR connections)

2. Security & Compliance Enforcement

• Implement and manage Identity and Access Management (IAM) using the principle of least privilege.
• Lead the technical requirements for security certifications (mainly HITRUST, but also SOC2 Type II, ISO 27001, or HIPAA).
• Manage secrets using Google Secret Manager.
• Conduct regular vulnerability scanning, log analysis (Cloud Logging/Monitoring), and incident response drills.

3. Reliability & Performance

• Manage containerized workloads via Google Kubernetes Engine (GKE).
• Establish "Golden Signals" for monitoring: Latency, Traffic, Errors, and Saturation.
• Implement automated backup and disaster recovery (DR) protocols.

4. Cost Governance

• Monitor cloud spend and implement cost-saving measures (e.g., Committed Use Discounts, Preemptible VMs, and rightsizing).

Experience & Startup DNA

We are a lean team where everyone "gets their hands dirty." We understand that no one has every skill, but a combination of the following, developed over at least a 10-year career, is essential:

- Startup Agility:
You enjoy wearing multiple hats and can prioritize tasks in a fast-paced environment.
- Communication:
You can explain complex security risks to non-technical stakeholders.
- EHR Fluency:
Direct experience with Epic, Oracle Health (Cerner), or Meditech (e.g., App Market integrations, HL7/FHIR workflows).
- Interoperability Mastery:
A working-level knowledge of healthcare standards (HL7 v2, FHIR, CCDS/CCDA) is desired.
- Certification:
Professional Cloud Architect or Professional Cloud Security Engineer.
- Technical Qualifications
- GCP Mastery:
Deep experience with VPCs, GKE, Cloud SQL, Firebase, Cloud Storage.
- IaC Expert:
Professional experience with Terraform is a MUST.
- Security Mindset:
Strong understanding of network security (WAF, Cloud Armor), encryption at rest/transit, and compliance frameworks.
- Linux/Containers:
Advanced knowledge of Linux administration and Docker/Kubernetes orchestration.
- Scripting:
Proficiency in Bash for automating operational tasks.

Location & Logistics

- Remote/Hybrid:
careMESH is a 100% remote organization. However, we meet regularly in our Reston, VA office for strategy and collaboration.
- Requirement:
Candidates
MUST
live in the Washington DC/Maryland/Virginia area or the Eastern Time Zone and be able to travel to Reston every quarter. \*\*Please do not apply if you do not meet these requirements.

Benefits

• The expected salary range for this position is $120,000 - $150,000. Salary ranges are determined by role, experience, and location.
• Remote-first culture
• Comprehensive benefits (Health, 401k)