What is this opportunity?

We are looking for a DevSecOps Engineer with a genuine passion for cybersecurity to join our growing security team at Eleos Health, reporting to the CISO. In this role, you will be at the forefront of securing our cloud-native platform and protecting our customer’s data. You will play a critical role in embedding security across our engineering lifecycle from design and development to deployment and runtime working hand-in-hand with R&D, infrastructure, and product teams. This is a high-impact position where your work directly enables Eleos to scale safely and continue delivering life-changing tools to clinicians and their patients.

Who are you?

You are a security professional who thrives at the intersection of development and operations, with at least 5 years of hands-on experience as a SecOps or DevSecOps engineer in a cloud-native environment. You bring deep, practical knowledge of cloud security and are equally comfortable in multi-cloud contexts. You don’t just understand security frameworks and attack methodologies, you are energized by them. You love digging into vulnerabilities, thinking like an adversary, and then building the systems and processes that close those gaps for good.

You are a proactive collaborator who can translate complex security topics for both technical and non-technical audiences. You’re equally confident presenting to developers and briefing leadership. You have a genuine passion for continuous learning, whether that’s diving into emerging AI-assisted threat detection tools, staying ahead of cloud security trends, or exploring the evolving landscape of software supply chain risks.

You are comfortable working with infrastructure-as-code, Kubernetes, and CI/CD pipelines, and you naturally see “shift-left” not as a buzzword but as the right way to build. You care deeply about the mission in our case, protecting the sensitive data of thousands of people and that sense of purpose drives the quality of your work every day.

How will you contribute?

• Drive continuous security improvements across our cloud environments, spanning CSPM, SIEM, software supply chain security, edge security, DDoS protection, and runtime application security.
• Integrate security practices into CI/CD pipelines using a shift-left approach, ensuring security is embedded from the earliest stages of development rather than bolted on at the end.
• Conduct regular vulnerability scans across networks, containers, and cloud infrastructure, and collaborate with R&D teams to prioritize and drive effective remediation.
• Respond to security events and incidents in a timely and effective manner, including post-incident reviews that produce lasting improvements to our detection and response capabilities.
• Monitor networks, systems, and pipelines for anomalous behavior and proactively investigate irregularities before they become incidents.
• Contribute to threat modeling and security design reviews for new and existing systems, ensuring security considerations are built into every product decision.
• Support the evaluation, onboarding, and operationalization of new security tools and procedures, including AI-assisted threat detection platforms and security automation frameworks.
• Review and harden infrastructure-as-code, container configurations, and Kubernetes environments to reduce the attack surface across our platform.
• Test and evaluate security solutions against industry-standard criteria and benchmarks, and share findings with leadership to inform strategic decisions.

What qualifications and skills will help you to be successful?

• At least 5 years of hands-on experience as a SecOps or DevSecOps engineer in a cloud-native environment.
• Strong depth in AWS with multi-cloud experience; well-versed in cloud security best practices including IAM, network segmentation, and data protection.
• Proven experience managing and monitoring security platforms including CSPM, SIEM, and vulnerability management tooling.
• Familiarity with container and Kubernetes security, infrastructure-as-code review and hardening, and CI/CD pipeline security integration.
• Experience with security automation and scripting (Python, Bash, or similar) to build repeatable, scalable security processes.
• Strong communication skills — you can present risk in business terms to leadership and work collaboratively with developers on remediation without slowing them down.

Some nice to haves are

• Hands-on experience with AI/ML security considerations, including securing LLM-based applications and managing AI supply chain risks
• Prior experience in a healthtech, medtech, or other regulated SaaS company.
• Familiarity with zero-trust network architecture principles and experience driving their implementation in a cloud-first organization.

This is a unique opportunity to join a startup that is having a meaningful impact on the well-being and mental health of thousands. We have

• A product that positively impacts peoples' lives every single day.
• A team of amazing people with a shared vision and the infinite drive to make it happen
• We offer significant equity.
• Opportunity to build, grow and become highly instrumental in shaping how technology can increase the effectiveness of therapy.
• Hybrid work opportunities.
• Mental health days off you can take any given moment simply because you need them.