DevOps Engineer

Summary

Join Doximity's Infrastructure Security team as an experienced DevOps engineer and contribute to the security of our application and infrastructure stack. You will develop and execute automated security audits, implement a strong security posture in our Kubernetes ecosystem, manage AWS accounts, and participate in the design and maintenance of our infrastructure. This role involves analyzing traffic to protect against malicious actors, leading security audits, maintaining our bug bounty program, and working on security incident response. The position can be filled in San Francisco or remotely in the U.S. Doximity values diverse teams and encourages applications even if you don't meet all requirements.

Requirements

• Extensive AWS knowledge and experience
• Solid understanding of Kubernetes and Helm
• Experience with configuration and resource management tools such as Terraform and Ansible
• Experience with CI and CD using tools such as Github Actions, Atlantis, CircleCI
• Proactively identify areas for improvement and produce action plans
• You’ll be asked to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time
• Participate in a 1-week on and 4 weeks off, business hours on-call rotation
• Travel to company offsites once/quarter is expected

Responsibilities

• Develop, schedule, and execute automated security audits on infrastructure using industry-standard security frameworks like the CIS Benchmark
• Implement a strong security posture in our Kubernetes ecosystem that includes Terraform, Helm, and Ansible
• Manage over 50 AWS accounts including IAM permissions, VPC and networking, firewall (WAF), and edge protection
• Actively participate in the design, implementation, and maintenance of the development, staging, and production infrastructure and application security
• Analyze traffic using tooling and metrics to protect against malicious bots, scrapers, and attackers, while also monitoring CVEs and implementing hotfixes
• Lead security and policy related audits such as SOC2 Type II
• Help maintain our private security bug bounty program hosted on Hackerone : this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts
• Work with key stakeholders to document existing security policies and create new ones
• Actively participate in the Security Incident Response (SIR) process to triage security issues and communicate the resolution through post-mortems
• Continuously evaluate and implement security observability tooling, both in the Kubernetes ecosystem and all supporting infrastructure
• Periodically audit and rotate access credentials

Preferred Qualifications

• Experience writing application and/or security penetration tests with an open-source framework
• Experience working with AWS based ingress systems like ELB’s and Cloudfront
• Intermediate to advanced experience administering a WAF
• Experience with Grafana Stack: Prometheus, Loki, and Tempo

Benefits

• Medical, dental, vision offerings for you and your family
• 401k with matching program
• Employee stock purchase plan
• Family planning support, Childcare FSA, and parental leave
• Life, AD&D, and Disability
• Generous time off, holidays and paid company trips
• Wellness benefits…plus many more!