Koda Health is looking for a Senior Infrastructure & Security Engineer to own the reliability, security, and operational health of our production systems.

You'll be the person responsible for keeping our platform running, secure, and observable — owning everything from AWS infrastructure and deployment pipelines to incident response, security compliance, and production monitoring. You'll work directly with the CTO and a small engineering team.

This is a hands-on, high-ownership role. We run a multi-region healthcare platform on AWS with real uptime requirements, HIPAA obligations, and SOC 2 compliance. You'll inherit a mature CDK codebase and be expected to extend it, harden it, and build the monitoring and incident management layer.

We also want someone who can contribute to the codebase and automate operational work. You won't be a full-time software engineer, but you should be comfortable using AI coding tools like Claude Code to make small TypeScript PRs, triage Sentry errors, fix production bugs, and set up automated monitoring, triage, and recurring infrastructure health checks.

Expect roughly:

• 60–70% infrastructure, architecture, reliability, and monitoring
• 10–20% security, compliance, and vendor questionnaires
• 5–10% TypeScript contributions (bug fixes, small features, Sentry triage)

What You'll Do

Production Reliability & Observability

• Own the operational health of production across two AWS regions
• Investigate production issues, lead root-cause analysis, and drive resolution
• Build and maintain dashboards that give real-time visibility into application health, queue depths, API latency, and error rates
• Monitor SQS/SNS queue health, dead-letter queues, and event processing pipelines
• Expand observability beyond CloudWatch - evaluate and implement distributed tracing, APM, and log aggregation
• Oversee weekly deployments to production
• Own cost monitoring and alerting (Budget alerts, Cost Explorer)
• Improve automated uptime and SLA reporting

AWS Infrastructure & CDK

• Own and evolve all AWS infrastructure defined in CDK
• Lead the migration to capturing 100% of cloud infrastructure in CDK
• Manage and improve services: Lambda, ECS Fargate, Elastic Beanstalk, S3, CloudFront, SNS, SQS, EventBridge, WAF, Cognito
• Support multi-region uptime, disaster recovery planning, and backup/restore practices
• Improve cross-region replication and automated failover
• Own deployment pipelines, release processes, and database migration safety
• Support and evolve data pipelines used for analytics and product features
• Set standards for how we ship, deploy, and operate software at scale

Security, Compliance & Hardening

We're a healthcare company. HIPAA and SOC 2 aren't checkboxes - they're how we operate. You'll own the security posture of our infrastructure.

• Maintain and harden AWS infrastructure with a strong security mindset
• Own vulnerability remediation and SLA timelines
• Help respond to security questionnaires and vendor assessments
• Own and improve WAF rules, security groups, IAM policies, and network configuration
• Own SecurityHub, AWS Config, VPC Flow Logs, and CloudTrail
• Support GuardDuty malware scanning and S3 upload security
• Ensure SOC 2 and HIPAA compliance across infrastructure
• Manage secrets, key rotation, and access controls
• Conduct periodic security reviews of infrastructure and application configuration

Backend Contributions

You're not a full-time developer, but you can ship some code with the help of AI coding tools.

• Triage and fix production errors surfaced by Sentry
• Make small TypeScript PRs to backend services
• Debug complex production issues that span infrastructure and application code
• Participate in architecture discussions, especially around infrastructure and deployment concerns