Cloud DevOps & Security Engineer (Healthcare Platform)

Company: Helper Heroes

Website: https://helperheroes.com/

Position: Cloud DevOps & Security Engineer (Healthcare Platform)

Schedule: U.S. timezone (Remote; Full-time)

About Us:

At Helper Heroes PH, we’re on a mission to provide exceptional care and support to home care agencies in America. We believe in creating a true partnership where our employees act and feel like a true member of the American team they are matched with. Our goal is to help them create a compassionate, innovative, and efficient care experience for their clients and their families. To achieve this, we’re looking for a Hero to join our team and help us shine even brighter!

About You:

What sets us apart is YOU. You’re not just any virtual team member—you’re a Hero! If you’re passionate about making a difference, have a knack for organization, and thrive in a fast-paced, mission-driven environment, you’re who we are looking for. If you’re the kind of person who loves tackling behind-the-scenes tasks with a smile, ensuring that our clients' caregivers and clients receive the best possible support, apply today!

Job Overview:

Mission: Make the platform reliable, secure, observable, and fast. You own GCP foundations, CI/CD, zero-trust access, data segregation (MedBridge vs. Assisting Hands), and everything needed for survey-ready compliance.

Key Responsibilities:

• GCP tenancy & segregation: Provision org/folders/projects that separate MedBridge and Assisting Hands; enforce least privilege (IAM), VPC-SC, and per-env (dev/test/prod) boundaries.
• Secrets & identity: Centralize secrets (Google Secret Manager), broker service accounts, short-lived creds; SSO/SAML for admins; device posture checks for iPad and laptops.
• CI/CD: GitHub Actions pipelines (lint, unit, infra test, deploy to Cloud Run/Functions), recipe promotion gates, policy-as-code (OPA/Conftest) for infra changes.
• Observability: Cloud Logging/Monitoring, uptime checks for all crown-jewel services, SLOs/SLIs (error rate, latency, freshness), alerting to TigerConnect and on-call.
• Backup & DR: Define RTO/RPO for data stores (BigQuery, Workato metadata exports, Redox message archives); test restores quarterly; immutable storage for audit artifacts.
• Endpoint & MDM: iPad/iPhone/Mac fleet hardening, OS patch policies, lost device revoke, application allow-lists; wifi/VPN posture rules.
• Security & HIPAA: BAAs in place; audit trails, access logs, ePHI encryption in transit/at rest, DLP policies, least-privileged service routing; vendor risk reviews.
• Edge reliability: Handle “integration sprawl” with API gateways, quotas, caching where safe, and graceful degradation plans to prevent missed visits or delayed claims.
• Cost & performance: Set budgets/alerts, capacity plans, and autoscaling profiles; tag costs by service line.

Must-have

• 5+ years in Cloud/DevOps/SRE, with regulated workloads (HIPAA/HITRUST, SOC2).
• Proven CI/CD buildouts, infrastructure-as-code (Terraform) and policy-as-code.
• Strong IAM design, network security, secrets management.
• Observability design with actionable SLOs, on-call experience.

Nice to have

• Experience with iOS/iPadOS MDM in clinical settings; Apigee or equivalent API management; threat modeling for healthcare.

Key Performance Indicator:

Success metrics (first 90 days)

• Org-level guardrails live; zero shared resources between entities; all prod services behind least-privilege IAM.
• SLOs published for crown-jewels; alert fatigue score trending ↓; MTTR < 30 min.
• Quarterly backup/restore drill passed; RPO/RTO documented and met.
• Device compliance ≥ 95%; no PHI on unmanaged devices; encryption enforced.

30/60/90 plan:

• 30: Stand up org/identity, network, secrets, CI/CD skeleton; baseline monitors; budget alerts. 
• 60: Hardening (WAF/Cloud Armor), SLO dashboards, backup jobs, MDM roll-out, break-glass accounts & drills. 
• 90: Full runbooks, chaos/DR exercise, pentest kickoff, cost/perf reviews, and continuous compliance reporting.

Collaboration & Ways of Working

• Documentation first: Every integration, policy, and change has a markdown runbook and “cut-and-paste” sections for operations. 
• Change management: Git-based PRs with approvals, staging → prod promotions, and rollback procedures. 
• Just Culture: Blameless postmortems; AIL gates prevent risky automation from harming patients, revenue, or compliance. 
• Segregation by design: No shared databases, file buckets, or pipelines between MedBridge and Assisting Hands; separate secrets and keysets. 
• Stakeholders: CEO (Ops), CNO Tamekia (Clinical), Linda Clark RN (Quality/Compliance), Outsourced IT/PM; plus Pharmacy lead for cold-chain exceptions.

Attributes of a Successful Helper Hero:

• Empathy: You genuinely care about people and want to make a difference in their lives.
• Organization: You’re a master of multitasking and can keep everything running smoothly.
• Communication: You speak impeccable English. You’re a clear and friendly communicator, both written and verbal.
• Problem Solver: You can see the big picture when resolving complex issues and follow through until you reach full resolution.
• Self Starter: You work effectively without supervision and follow processes precisely.
• Reliability: You’re dependable, punctual, and always ready to step up when needed.