DevSecOps / Platform Engineer (Boston preferred)

About RightMove:

RightMove is redefining how value-based musculoskeletal (MSK) care is delivered. Built in partnership with the Hospital for Special Surgery (HSS), we’re creating a new standard of coordinated, expert-led care that gets people moving better and faster.  

We partner with PCPs, Orthopedic specialists, and health plans to deliver high-value, patient-centered MSK care. Our value-based care model includes patient engagement, virtual physical therapy, and care navigation to high-value imaging and specialty partners.   

Our Mission & Values   

We’re a high-performing team driven by one mission: to free people to move and thrive.  At RightMove, we move fast, collaborate deeply, and deliver with precision. We’re a startup with enterprise-grade rigor—where talented operators, engineers and clinicians challenge conventions to improve patient outcomes.  

We live our values every day:  

• Perform to Win – We bring our best to deliver measurable results, valuing impact over optics.  

• Be Direct with Respect – We communicate clearly, with honesty and care.  

• Move as One Team – We win together, across roles and functions.  

• Act with Agency – Our teams have high trust and high accountability, with the freedom to own and responsibility to deliver.  

• Choose Optimism – We bring energy and perspective, even when the work is hard. 

About the role:

We run a serverless-first stack on AWS, and we operate as a true DevOps org: engineers build and own their own infrastructure, but we’re looking to add a DevOps/Platform engineer to the team to help us grow. 

This is a sole-platform-engineer role today, with real autonomy and real scope. You’ll work across infrastructure, developer experience, and security/compliance. You’ll build tooling so that we don’t have to keep reinventing the wheel; you’ll standardize and update our infrastructure; and you’ll own and update our CI/CD pipeline so we can deploy code safely and quickly. 

What you’ll own:

Application infrastructure 

• Build and maintain reusable infrastructure components, so application engineers can safely stand up new components without shooting themselves in the foot. 

• Take the lead on improving observability (monitoring, alerting, etc), so it’s easy for application engineers to know that their code is running, and to learn about issues before users have to report them. 

• Solve concrete infra needs as they arise — everything from setting up SFTP sites for customer file-sharing to creating a pathway so that outbound API requests are sent from a fixed IP. 

• Standardize and harden our AWS footprint, with security, budget, and HIPAA considerations front of mind. 

Developer experience 

• Make our CI/CD pipelines faster and more effective. 

• Solve developer pain points like shared dev environments and locally running code. 

• Help us move to the next stage of maturity with improved monitoring and alerting tools. 

Security Engineering 

• You'll own security tooling integration across our SDLC — embedding automated scanning and policy enforcement so that security is a feature of our delivery pipeline, not a final gate. 

• Run and tune SAST, DAST, SCA, and container scanning tools so the signal-to-noise ratio is actually usable. 

• Implement guardrails and controls using AWS-native services such as AWS Security Hub, GuardDuty, and Config; conduct regular vulnerability scans, configuration reviews, and remediation tracking.  

• Threat model new services and architecture changes before they ship, ideally during design review rather than after launch. 

Other duties 

• Act as the technical interface to our outsourced IT department and recognize when our users need additional support. 

What we’re looking for:

• Strong AWS experience, especially serverless (currently AppSync and Lambdas, but we’re considering a move to API Gateway). 

• Solid infrastructure-as-code expertise (Terraform, CloudFormation, CDK, or similar). We’re currently transitioning from the Serverless Framework to CDK (TypeScript); CDK experience is a plus, but strong IaC fundamentals matter more. 

• A platform mindset: you measure your success by how productive you make other engineers, not by how many tickets you close. 

• Comfortable in code: not afraid to edit application code to achieve infrastructure or tooling goals. 

• Solid grasp of cloud security fundamentals (IAM, network boundaries, secrets, least privilege). 

• CI/CD pipeline experience and a bias toward automation. 

• Comfort operating with autonomy in a small team where you’ll likely wear many hats. 

Nice to have 

• Experience supporting SOC 2, HIPAA, or similar audits/compliance regimes. 

• SSO / identity tooling (Okta, AWS IAM Identity Center, etc.).