The Principal DevSecOps Engineer will serve as a senior technical leader within the DevSecOps Center of Excellence (CoE), driving automation, security, observability, and cost optimization across the enterprise. This role operates at the CoE level—establishing global standards, frameworks, reusable automation modules, and governance that enable consistent and secure software delivery at scale. This individual will act as a technical authority, mentor, and cross-functional collaborator, ensuring that DevSecOps best practices are applied across CI/CD pipelines, infrastructure-as-code (IaC), cloud security, and FinOps. The role requires strong hands-on expertise in DevSecOps tooling, a deep understanding of modern cloud-native architectures, and the ability to influence product teams through thought leadership, frameworks, and reusable solutions. Key Responsibilities Technical Leadership & CoE Governance - Act as the technical lead for the DevSecOps CoE, driving strategy and execution of security, automation, and observability practices. - Design and maintain reusable CI/CD frameworks, IaC modules, and security guardrails for consistent adoption across all product lines. - Define, document, and enforce DevSecOps standards, policies, and best practices. - Mentor embedded DevSecOps engineers and provide guidance on pipeline design, automation, cost optimization and compliance. CI/CD Architecture & Automation - Architect and optimize CI/CD pipelines (GitHub Actions, GitLab CI, ArgoCD, Jenkins, Artifactory, Veracode) to enable frequent, secure deployments. - Integrate SAST, SCA, DAST, and container scanning into delivery workflows. - Establish GitOps practices using Terraform, Pulumi, or Crossplane for infrastructure provisioning. - Track and drive improvements in DORA metrics (deployment frequency, lead time, MTTR, change failure rate). Security, Compliance & Observability - Implement “shift-left” security by embedding security testing and compliance automation into pipelines. - Partner with Security and SRE teams to enforce SLIs, SLOs, and error budgets in delivery pipelines. - Advance unified observability initiatives by integrating New Relic, Datadog, Prometheus, Grafana, OpenTelemetry, and CloudWatch into pipelines. - Ensure compliance with HIPAA, SOC2, GDPR, and internal governance frameworks. FinOps & Cost Governance - Build cost-awareness into CI/CD and IaC workflows by embedding FinOps checks and cost gates. - Collaborate with FinOps and Cloud teams to enforce cost tagging, rightsizing, and efficiency standards. - Provide insights and automation for cloud cost optimization across AWS services (EKS, ECS, EC2, S3, RDS, containers). Cross-Functional Collaboration - Partner with Engineering, Product, SRE, and Security leaders to align on standards and frameworks. - Drive knowledge sharing and enablement through playbooks, templates, documentation, and internal CoP (Community of Practice) sessions. - Act as the escalation point for complex DevSecOps technical challenges across teams. Qualifications & Experience Required - 15+ years in DevOps, Cloud, or Security Engineering, with expert-level technical leadership in DevSecOps. - Strong expertise in CI/CD pipeline design, automation, and governance. - Hands-on with CI/CD tools: GitHub Actions, GitLab CI, ArgoCD, Artifactory, Jenkins, Veracode, SonarQube. - Deep experience with cloud security and AWS services (IAM, KMS, GuardDuty, Security Hub, CloudTrail). - Proficiency in containers & orchestration (Docker, Kubernetes, EKS, ECS). - Strong hands-on with Infrastructure-as-Code and GitOps (Terraform, Pulumi, Crossplane, CloudFormation). - Familiarity with observability platforms (New Relic, Datadog, Prometheus, Grafana, OpenTelemetry, CloudWatch). - Programming/scripting expertise in Python, Go, C#, and shell scripting. - Knowledge of DORA metrics and proven success in improving delivery performance. - Practical experience with FinOps practices and cost governance. Preferred - Experience in large-scale SaaS or healthcare environments. - Knowledge of databases: MongoDB, Elasticsearch, SQL Server, Oracle. - Certifications: AWS Security Specialty, CKA/CKAD, FinOps Certified Practitioner, CISSP, CCSP. - Strong ability to influence across global teams without direct authority. Estimated Salary Range: $182,000 - $214,000 plus bonus The base salary range represents the anticipated low and high end of the GHX’s salary range for this position. The base salary is one component of GHX’s total compensation package for employees. Other rewards and benefits include: health, vision, and dental insurance, accident and life insurance, 401k matching, paid-time off, and education reimbursement, to name a few. To view more details of our benefits, visit us here: https://www.ghx.com/about/careers/ #LI-SR GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement.GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated. Read our GHX Privacy Policy

• The ability to design and implement scalable, secure, and automated infrastructure using tools like Terraform, CloudFormation, and Ansible. • Solid experience with containerization and orchestration tools like Docker, Kubernetes, and Helm. • Strong understanding of CI/CD pipelines and tools like Jenkins, GitLab CI, and GitHub Actions. • Experience working with public cloud platforms such as AWS, GCP, or Azure. • Proficiency in scripting and automation using languages like Bash, Python, or Go. • Proven ability to mentor other engineers, lead technical initiatives, and make architectural decisions for large-scale infrastructure.

• Designs, implements, and continuously improves observability strategies across services, including metrics, logs, traces, alerts, and dashboards. • Focuses on understanding system behavior in production, identifying failure modes, performance bottlenecks, and reliability risks. • Evolves and maintains shared AWS CDK and CDK8s constructs, with emphasis on observability, autoscaling, and operational safeguards rather than basic infrastructure provisioning. • Maintains and operates core platform components such as VPC, EKS clusters, RDS, OpenSearch, and MSK, ensuring they expose meaningful operational signals. • Operates and enhances Kubernetes cluster addons such as ingress controllers, cert-manager, autoscalers, and monitoring, logging, and tracing stacks. • Defines and maintains SLIs, SLOs, and alerting strategies that clearly distinguish between symptoms, root causes, and actionable operational events. • Improves automated operational responses, including autoscaling, self-healing mechanisms, and runbook-driven remediation. • Ensures high reliability through structured alerting systems (Prometheus, CloudWatch), noise reduction, alert quality improvements, and recovery mechanisms. • Collaborates with engineering teams to investigate production incidents, perform root cause analysis, and drive long-term reliability improvements. • Owns CI/CD pipelines for Infrastructure as Code (IaC) and observability-related platform components. • Applies Site Reliability Engineering (SRE) principles—including observability-first design, error budgets, and operational readiness—to shared platform services. • Supports IAM roles, secrets management, and tenant isolation best practices.

Infrastructure / Site Reliability Engineer (SRE) Bank-Grade Cloud Infrastructure & Platform Reliability Location: US-based (Remote friendly) Experience: Senior-level preferred (5–10+ years) Company: Stablecore About Stablecore Stablecore is building the digital-asset side-core for banks. We help regulated financial institutions safely launch and operate crypto-native products, stablecoins, tokenized deposits, custody, and on-chain payments, while integrating directly with their existing banking cores and compliance frameworks. Our customers are banks. Our counterparts are regulators. Our systems must be correct, auditable, resilient, and secure by default. Role Overview We are looking for an Infrastructure / SRE Engineer to design, operate, and harden the cloud and platform foundations that Stablecore runs on. This role owns reliability, security posture, deployment safety, and operational maturity across a multi-region, bank-grade environment. You will work closely with backend engineers, security, and compliance to ensure that the systems moving real money remain available, correct, and defensible under audit. This is not “keep the lights on” IT. You’ll be building and operating infrastructure that regulators, bank risk teams, and third-party auditors scrutinize in detail. What You’ll Work On - Design and operate multi-region AWS infrastructure with strong isolation and failure boundaries - Own production EKS clusters (multi-region, multi-AZ) including: - Cluster lifecycle, upgrades, and node management - Network policies, ingress/egress, and service isolation - Operate Aurora PostgreSQL (Global Database): - Writer / reader topology - Cross-region replication, failover, and DR testing - Build and maintain CI/CD pipelines in GitLab: - Secure build pipelines - Environment promotion and deployment safety - Artifact integrity and traceability - Manage container supply chain security using Harbor: - Image scanning - Provenance and access control - Operate identity and access control via Keycloak: - Realm design and lifecycle - Integration with internal services and gateways - Design and maintain Cloudflare protections: - WAF, rate limiting, bot protection - Zero Trust access patterns - Implement observability, alerting, and incident response: - Metrics, logs, traces - On-call readiness and runbooks - Partner with security and compliance teams on: - SOC 2 / ISO / bank TPRM requirements - Evidence generation and audit readiness - Participate in architecture decisions around: - Multi-tenancy vs isolation - Blast-radius reduction - Availability vs consistency tradeoffs Technical Stack - Cloud: AWS (EKS, Aurora Global, IAM, KMS, VPC, networking) - CI/CD: GitLab - Edge & Security: Cloudflare - Identity: Keycloak - Container Registry: Harbor - Platform: Kubernetes - Observability: Metrics, logs, tracing (tool-agnostic, but production-grade) What We’re Looking For - Strong experience operating production AWS infrastructure at scale - Deep hands-on experience with Kubernetes / EKS - Experience running PostgreSQL or Aurora in high-availability, regulated environments - Comfort owning production reliability, including on-call and incident response - Strong security instincts around: - IAM and least privilege - Network boundaries - Secrets management - Experience designing systems that survive audits, failures, and human error - Clear communication and calm judgment during incidents Nice to Have - Experience supporting fintech, banking, or regulated platforms - Prior exposure to SOC 2, ISO 27001, FFIEC, or bank TPRM processes - Experience with multi-region DR testing and failover exercises - Familiarity with GitOps or infrastructure-as-code patterns - Experience supporting platforms that move money or other irreversible assets Why This Role Is Interesting - You’ll build infrastructure that banks trust with real money - Reliability, security, and correctness actually matter here - Problems are concrete, high-stakes, and non-theoretical - Close collaboration with backend, security, and compliance teams - Opportunity to shape foundational platform decisions early