Security & DevOps Engineer
Polimorphic
- Location: Onsite (New York, New York)
- Compensation: $165k - $195k/yr
- Employment: Full-time
- Level: Senior Level
About the Role
Polimorphic is seeking a Security & DevOps Engineer to secure, scale, and operate the infrastructure powering their AI-powered government services. This role involves owning security and infrastructure end-to-end, from threat modeling and compliance to CI/CD and incident response, impacting public services.
About Us
We’re helping state and local governments deliver better service to their residents with modern, AI-powered tools. As service demands grow and resources remain constrained, we’ve partnered with over 200 government departments across cities, counties, and states to dramatically improve customer service, ranging from simple Q&A to fully self-serve Voice AI guiding people through complex workflows.
Role
You’ll be part of a fast-growing, collaborative, and fast-paced team. You’ll secure, scale, and operate the infrastructure powering our AI front desk services and CRM software that are transforming how local governments and organizations provide service to their communities.
You will own security and infrastructure end-to-end, from threat modeling and compliance program management to CI/CD, observability, incident response, and hardening our AWS environment to meet the bar that state and local government data demands.
If You Like
- Building secure-by-default systems that protect sensitive constituent data
- Seeing your work have a meaningful impact on public services
- Tackling a range of challenges across cloud infrastructure, application security, and compliance
- Leveraging AI as part of your engineering process
- Building new things from the ground up
- The flexible and fast-moving nature of a startup
Job Responsibilities
- Own our cloud security posture across AWS (ECS Fargate, Aurora PostgreSQL, SQS, CloudFront, IAM, WAF, GuardDuty, Security Hub) and harden it against evolving threats
- Drive our compliance programs end-to-end: SOC 2 Type II, HIPAA, and our path to StateRAMP / FedRAMP authorization, including evidence collection, policy authorship, and auditor management
- Design and operate CI/CD pipelines, IaC (Terraform/CDK), and deployment workflows that make the secure path the easy path
- Build and maintain infrastructure-as-code that codifies our environments, enforces guardrails, and makes infrastructure changes auditable and repeatable
- Lead application security: threat modeling, secure code review, dependency and container scanning, secrets management, and remediation guidance for engineering teams
- Build observability and incident response capabilities, including logging, alerting, runbooks, on-call rotations, and post-incident reviews
- Manage identity and access at scale, including SSO/SAML, least-privilege IAM, and tenant isolation for our multi-tenant architecture
- Respond to customer security questionnaires, support sales on security and compliance asks from government procurement teams, and represent our security program externally
- Partner with engineering to embed security and reliability into the product, not bolt them on after the fact
Experience and Education
- 4+ years of combined experience in security engineering and DevOps / infrastructure / SRE roles
- Hands-on production experience with AWS, Linux, containers (Docker/ECS/EKS), and infrastructure-as-code
- Working knowledge of at least one major compliance framework (SOC 2, HIPAA, FedRAMP, StateRAMP, ISO 27001), ideally having helped take an organization through audit or authorization
- Strong fundamentals in application security, cloud security, and identity (OAuth/OIDC, SAML, IAM)
- Comfortable writing code to automate security and ops workflows
- Bonus: experience in govtech, healthcare, fintech, or other regulated industries; familiarity with FedRAMP/StateRAMP 3PAO process; CISSP, OSCP, or AWS Security certifications