DevOps & Security Engineer

careMESH is an agile, early-stage company at a critical inflection point. We are seeking a Cloud Infrastructure expert to take full ownership of our Google Cloud Platform (GCP) environment. As our first dedicated DevOps/Security hire, you will bridge the gap between development and operations, ensuring our infrastructure is scalable, cost-efficient, and—most importantly—hardened against threats.

Your mission is to build a "secure by default" culture while automating everything from deployment pipelines to compliance auditing.

Core Responsibilities: 1. Infrastructure as Code (IaC) & Automation

Architect and maintain our GCP production and staging environments (using Terraform).

Eliminate manual configuration to ensure all infrastructure is version-controlled and reproducible.

Optimize CI/CD pipelines (GitHub Actions) to ensure safe, zero-downtime deployments.

Set up and maintain secure connections with customers (i.e., VPN, SMTP, and EHR connections) 2. Security & Compliance Enforcement

Implement and manage Identity and Access Management (IAM) using the principle of least privilege.

Lead the technical requirements for security certifications (mainly HITRUST, but also SOC2 Type II, ISO 27001, or HIPAA).

Manage secrets using Google Secret Manager.

Conduct regular vulnerability scanning, log analysis (Cloud Logging/Monitoring), and incident response drills.

• Reliability & Performance

Manage containerized workloads via Google Kubernetes Engine (GKE).

Establish "Golden Signals" for monitoring: Latency, Traffic, Errors, and Saturation.

Implement automated backup and disaster recovery (DR) protocols.

• Cost Governance

Monitor cloud spend and implement cost-saving measures (e.g., Committed Use Discounts, Preemptible VMs, and rightsizing).

Experience & Startup DNA

We are a lean team where everyone "gets their hands dirty." We understand that no one has every skill, but a combination of the following, developed over at least a 10-year career, is essential:

Startup Agility: You enjoy wearing multiple hats and can prioritize tasks in a fast-paced environment.

Communication: You can explain complex security risks to non-technical stakeholders.

EHR Fluency: Direct experience with Epic, Oracle Health (Cerner), or Meditech (e.g., App Market integrations, HL7/FHIR workflows).

Interoperability Mastery: A working-level knowledge of healthcare standards (HL7 v2, FHIR, CCDS/CCDA) is desired.

Certification: Professional Cloud Architect or Professional Cloud Security Engineer.

Technical Qualifications

GCP Mastery: Deep experience with VPCs, GKE, Cloud SQL, Firebase, Cloud Storage.

IaC Expert: Professional experience with Terraform is a MUST.

Security Mindset: Strong understanding of network security (WAF, Cloud Armor), encryption at rest/transit, and compliance frameworks.

Linux/Containers: Advanced knowledge of Linux administration and Docker/Kubernetes orchestration.

Scripting: Proficiency in Bash for automating operational tasks. Location & Logistics

Remote/Hybrid: careMESH is a 100% remote organization. However, we meet regularly in our Reston, VA office for strategy and collaboration.

Requirement: Candidates MUST live in the Washington DC/Maryland/Virginia area or the Eastern Time Zone and be able to travel to Reston every quarter. **Please do not apply if you do not meet these requirements. Benefits The expected salary range for this position is $120,000 - $150,000.

Salary ranges are determined by role, experience, and location. Remote-first culture

Comprehensive benefits (Health, 401k)