Infrastructure and Security Engineer

Statewise is looking for a hands-on Infrastructure and Security Engineer who treats security and reliability as engineering disciplines, not checklists. This is not a “keep the lights on” role. This is an ownership role for someone who wants to design, harden, and scale the infrastructure behind a complex, state-configurable Medicaid EHR platform serving pediatric nursing and IDD home care providers.

We are at a turning point. Our platform runs on AWS, our compliance foundation is solid, and our team is growing. Now we need someone to take our infrastructure to the next level of maturity: more resilient, more observable, more scalable, and hardened beyond baseline compliance. This role will own that evolution.

You will own infrastructure confidence across our production systems: web platform, mobile backend, data pipelines, and integrations. You will define how our systems are provisioned, secured, monitored, and recovered.

Who is Statewise

Statewise is building the future of Medicaid home care software. We are the only EMR and EVV platform built specifically for Medicaid home care providers across Pediatric Nursing, Therapy, Personal Care, and Intellectual and Developmental Disabilities (IDD) services. Our software is designed to handle complex, state-by-state rules and real clinical workflows without the bloat of traditional systems. Everything we build is rooted in simplifying complexity so providers can focus on delivering high-quality care.

What You’ll Do

• Own AWS Infrastructure Architecture & Security
  • Architect and maintain AWS infrastructure across compute, networking, databases, caching, storage, and serverless services
  • Design for scalability, elasticity, and cost efficiency
  • Own VPC architecture, subnet segmentation, routing, and security boundaries
  • Design and enforce IAM policies, least-privilege access, and secrets management
  • Strengthen encryption standards (at rest and in transit) and key management
• Elevate Reliability & Operational Maturity
  • Design and improve monitoring, alerting, and observability across the stack
  • Move from reactive alerts to proactive system health signals
  • Define uptime expectations, SLAs, and capacity planning
  • Create and maintain incident response runbooks and disaster recovery plans
  • Regularly test and validate backup and recovery procedures
• Mature Security Beyond Baseline HIPAA
  • Strengthen AWS security services usage including GuardDuty, WAF, CloudTrail, Config, and Security Hub
  • Own vulnerability scanning, patch management, and remediation tracking
  • Support audits, security assessments, and penetration test remediation
  • Drive toward steady-state audit readiness, not scramble-based compliance
• Own CI/CD & Deployment Safety
  • Improve and maintain Azure DevOps build and release pipelines
  • Implement low-blast-radius release strategies
  • Enforce security gates within deployment workflows
  • Improve rollback confidence and deployment predictability
• Partner with Engineering
  • Collaborate on infrastructure needs for new services and features
  • Drive infrastructure-as-code practices where they create leverage
  • Influence architectural decisions related to scalability, cost, and security
  • Raise operational awareness and security discipline across the team

What We’re Looking For

• You learn systems quickly and reduce ambiguity for yourself and others
• You take ownership of production outcomes, not just task completion
• You think in systems: blast radius, failure domains, and network topology
• You design for security and reliability from the beginning
• You automate what matters without over-engineering
• You are comfortable making production decisions under pressure
• You communicate risk and tradeoffs clearly
• You are hands-on and operate confidently in live environments
• You use AI tools thoughtfully to accelerate investigation, documentation, and operational clarity

Experience & Background

• 5+ years of infrastructure, DevOps, or cloud engineering experience
• Deep hands-on experience with AWS (EC2, RDS, VPC, S3, Lambda, IAM)
• Strong understanding of AWS security services and IAM best practices
• Experience designing scalable, elastic production systems
• Experience maturing and hardening HIPAA-compliant environments
• Strong networking fundamentals: VPCs, subnets, routing, DNS, load balancing
• Experience with monitoring and observability tools (CloudWatch, Datadog, or similar)
• Hands-on experience with CI/CD pipelines (Azure DevOps preferred)
• Familiarity with Infrastructure-as-Code (Terraform, CloudFormation, or CDK)
• Experience in healthcare or regulated software environments strongly preferred
• Must be located in and authorized to work in the United States. Statewise does not provide visa sponsorship at this time.

This Role Is Not a Fit If You

• Prefer managing infrastructure through the console rather than repeatable processes
• Treat security as a compliance checkbox rather than an engineering practice
• Are uncomfortable making production decisions without a full committee
• Focus on tooling over outcomes
• Avoid documentation and knowledge sharing
• Need someone else to define what “secure” means for your systems
• See monitoring as optional rather than foundational
  

What Success Looks Like

• Within 45 days, you understand our AWS architecture and security posture and have identified high-leverage improvements
• Within 90 days, monitoring coverage is stronger, security controls are tightened, and release processes are safer and more predictable
• Within 6 months, infrastructure is more resilient, observable, and audit-ready as a steady state

The team trusts production. Deployments are predictable. Incidents are contained quickly. Leadership has visibility into operational health and security posture.

Benefits & Perks

• Remote-first role (Nashville or Fort Worth proximity is a plus, not a requirement)
• Competitive salary based on experience
• Medical insurance with employer contribution
• HSA with employer contribution
• Dental insurance available (employee-paid)
• 401(k) with employer match
• Flexible PTO with an expectation that people actually take time off
• Paid parental leave