Security & DevOps Engineer at Polimorphic
New York, New York, United States -
Full Time


Start Date

Immediate

Expiry Date

09 Sep, 26

Salary

195000.0

Posted On

12 Jun, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

AWS, DevOps, Cloud Security, Terraform, CI/CD, SOC 2, HIPAA, FedRAMP, Infrastructure as Code, Application Security, Threat Modeling, Container Security, Observability, IAM, Linux, Docker

Industry

Software Development

Description
ABOUT US

We’re helping state and local governments deliver better service to their residents with modern, AI-powered tools. As service demands grow and resources remain constrained, we’ve partnered with over 200 government departments across cities, counties, and states to dramatically improve customer service, ranging from simple Q&A to fully self-serve Voice AI guiding people through complex workflows.

ROLE

You’ll be part of a fast-growing, collaborative, rapid-paced team. You’ll secure, scale, and operate the infrastructure powering our AI front desk services and CRM software that are transforming how local governments and organizations provide service to their communities. You will own security and infrastructure end-to-end, from threat modeling and compliance program management to CI/CD, observability, incident response, and hardening our AWS environment to meet the bar that state and local government data demands.

IF YOU LIKE

* Building secure-by-default systems that protect sensitive constituent data
* Seeing your work have a meaningful impact on public services
* Tackling a range of challenges across cloud infrastructure, application security, and compliance
* Leveraging AI as part of your engineering process
* Building new things from the ground up
* The flexible and fast-moving nature of a startup

JOB RESPONSIBILITIES

* Own our cloud security posture across AWS (ECS Fargate, Aurora PostgreSQL, SQS, CloudFront, IAM, WAF, GuardDuty, Security Hub) and harden it against evolving threats
* Drive our compliance programs end-to-end: SOC 2 Type II, HIPAA, and our path to StateRAMP / FedRAMP authorization, including evidence collection, policy authorship, and auditor management
* Design and operate CI/CD pipelines, IaC (Terraform/CDK), and deployment workflows that make the secure path the easy path
* Build and maintain infrastructure-as-code that codifies our environments, enforces guardrails, and makes infrastructure changes auditable and repeatable
* Lead application security: threat modeling, secure code review, dependency and container scanning, secrets management, and remediation guidance for engineering teams
* Build observability and incident response capabilities, including logging, alerting, runbooks, on-call rotations, and post-incident reviews
* Manage identity and access at scale, including SSO/SAML, least-privilege IAM, and tenant isolation for our multi-tenant architecture
* Respond to customer security questionnaires, support sales on security and compliance asks from government procurement teams, and represent our security program externally
* Partner with engineering to embed security and reliability into the product, not bolt them on after the fact

EXPERIENCE AND EDUCATION

* 4+ years of combined experience in security engineering and DevOps / infrastructure / SRE roles
* Hands-on production experience with AWS, Linux, containers (Docker/ECS/EKS), and infrastructure-as-code
* Working knowledge of at least one major compliance framework (SOC 2, HIPAA, FedRAMP, StateRAMP, ISO 27001), ideally having helped take an organization through audit or authorization
* Strong fundamentals in application security, cloud security, and identity (OAuth/OIDC, SAML, IAM)
* Comfortable writing code to automate security and ops workflows
* Bonus: experience in govtech, healthcare, fintech, or other regulated industries; familiarity with the FedRAMP/StateRAMP 3PAO process; CISSP, OSCP, or AWS Security certifications
Responsibilities
Own the end-to-end security and infrastructure for AI-powered government services, focusing on AWS hardening and compliance management. Design secure CI/CD pipelines and lead application security efforts including threat modeling and incident response.