Staff Systems Engineer
Full-time Associate
Job Overview
We are seeking a highly experienced Staff Engineer in Infrastructure to contribute to the strategy, architecture, and operations of Infrastructure as Code (IaC) for the Technical Operations group (Azure, GCP, AWS). This role also requires deep expertise in Public Key Infrastructure (PKI) and certificate lifecycle management, Active Directory domain management, infrastructure automation, and infrastructure security (including SIEM). You will be a technical leader operating in highly regulated enterprise environments, including those governed by HIPAA, HiTrust, ISO 27001, FDA, and FIPS 140-2.
Collaboration with Product teams is central: the Staff Engineer will work closely with Product owners and engineering teams to ensure our infrastructure aligns with evolving product requirements, enabling rapid and reliable delivery of digital products. Experience supporting environments with protected health information (PHI) subject to HIPAA, and operating within frameworks such as HiTrust and ISO 27001, is essential. This role will work very closely with our DevOps, SRE, QA, and product teams.
Key Responsibilities
Strategy & Leadership
- Define, implement, and evangelize the strategic roadmap for automated infrastructure deployments and process innovation across hybrid environments.
- Lead and mentor infrastructure engineering teams, fostering a culture of ownership, efficiency, and regulatory compliance.
- Build strong partnerships with Product teams, understanding requirements and ensuring product delivery is enabled by robust, scalable, and compliant infrastructure solutions.
Collaboration with Product Teams
- Partner with Product owners, engineers, and delivery leads to translate product requirements into secure and scalable infrastructure designs.
- Proactively advise Product teams on infrastructure opportunities, limitations, and automation best practices.
- Participate in backlog prioritization and infrastructure enhancements that support the product roadmap.
Infrastructure Automation (IaC)
- Support and maintain automated infrastructure provisioning using Terraform and Ansible, working with our DevOps team in support of our CI/CD pipelines across cloud (AWS, Azure, GCP) and on-prem resources.
- Evaluate and implement automation and orchestration tools for full infrastructure lifecycle management.
PKI & Certificate Management
- Own Digital-wide PKI architecture and certificate lifecycle management (issuance, renewal, revocation, inventory) for all environments.
- Ensure practices meet rigorous privacy, security, and compliance standards—including HIPAA, HiTrust, ISO 27001, FDA, and FIPS 140-2.
- Work closely with our product teams in support of business requirements and priorities.
Active Directory & Domain Services
- Architect, manage, and maintain Active Directory domains, domain controllers, GPOs, FSMO roles, and directory hygiene.
- Oversee integrations with cloud platforms (Azure AD, Google Directory), federation, identity/access management, and automation for provisioning, deprovisioning, and auditing.
Monitoring, Security, & SIEM
- Deploy, configure, and operate SIEM solutions for infrastructure monitoring, compliance reporting, threat detection, and incident response.
- Ensure infrastructure controls and alerting mechanisms meet enterprise security and regulatory standards.
Supporting HIPAA, HiTrust, ISO 27001
- Design, implement, and maintain controls and processes required to securely support, store, transmit, and process HIPAA data and PHI.
- Collaborate with InfoSec and Compliance teams to ensure safeguards (administrative, physical, and technical) meet HIPAA, HiTrust, ISO 27001, and other regulatory requirements, staying audit-ready for all frameworks.
- Maintain documentation, facilitate compliance audits, and drive ongoing risk assessments under these regimes.
Operational Excellence
- Establish and track KPIs and SLAs for infrastructure reliability, performance, certificate validity, and compliance posture.
- Lead continual process improvement and incident avoidance through automation and observability.
- Provide technical guidance and escalation support for infrastructure-related incidents.
Additional Responsibilities
- Participate in infrastructure budget planning, vendor evaluation, and contract management.
- Partner closely with InfoSec, Compliance, and Application teams to align security and operational priorities.
- Support change management and incident response protocols and best practices.
- Support Design control principles.
- Support the design and implementation of on-prem virtualization and storage.
- Support Windows and Linux build standards and deployments.
- Support Kubernetes clusters.