Senior DevSecOps Engineer
Everlab is pioneering the next era of healthcare: proactive, personalised, and, most importantly, accessible to all.
We usually respond within a week
About Us
Everlab is an early-stage HealthTech startup that recently announced a $15m Seed stage round, building tech-enabled healthcare that improves and extends quality of life using cutting-edge medical research and technology. Our products design and coach our members through personalised risk-management and health-optimisation protocols over months and years to measurably improve lives.
Our founding team is experienced in the medical industry, ranging from the preventative health specialist who founded Australia’s first full-body MRI clinic to serial entrepreneurs who have scaled unicorns and have $500m+ in exits.
Our mission is to solve high-impact problems in healthcare that have never been tackled before, which isn’t easy. We look for people who are excited by this mission and the challenges it brings, as our team is driven to solve these problems together.
Our Engineering team is Sydney-based with 2-3 days a week in the office, in the CBD.
About the role
We're looking for a DevSecOps engineer who can bridge the gap between security, development, and operations while navigating complex healthcare compliance requirements.
Work directly with our Head of Engineering to embed security into our entire software development lifecycle and cloud infrastructure.
You'll be instrumental in building secure-by-default systems while maintaining the velocity our engineering teams need.
This is a unique opportunity to establish DevSecOps practices in a high-growth healthtech environment, implementing policy-as-code and automated compliance for ISO 27001, SOC2, and other emerging regulations.
Primary Duties
Secure Infrastructure & Compliance Automation
- Design and maintain secure cloud infrastructure using Infrastructure as Code (Pulumi)
- Implement policy-as-code frameworks for automated compliance validation
- Build comprehensive compliance automation for ISO 27001, SOC2, and other regulations
- Automate evidence collection and continuous compliance monitoring
- Create self-updating adaptive policies that evolve with regulatory changes
Security Integration & Advanced Tooling
- Integrate SAST/DAST/IAST tools seamlessly into development workflows
- Implement supply chain security with SBOM generation and dependency scanning
- Build runtime security using eBPF, RASP, and container runtime protection
- Deploy AI-powered threat detection and predictive security analytics
- Create security guardrails that guide developers towards secure choices
Healthcare Cloud Security
- Secure multi-cloud environments
- Implement automated PHI/PII discovery and classification systems
- Design security for our healthcare endpoints
- Build zero-trust architectures with microsegmentation for clinical systems
- Integrate security into healthcare data flows
Advanced Security Engineering
- Conduct security chaos engineering to test resilience
- Implement automated incident detection and response with SOAR
- Build threat intelligence platforms with CTI feeds integration
- Design CNAPP solutions (CSPM, CWPP, CIEM) for cloud security
- Lead purple team exercises combining red and blue team approaches
Clinical Workflow Security
- Secure EHR/EMR/FHIR/HL7 integrations and clinical data pipelines
- Implement security for telehealth platforms and remote patient monitoring
- Build authentication systems for clinical staff with workflow awareness
- Design audit trails that meet healthcare regulatory requirements
- Ensure security doesn't impede clinical care delivery
What we are looking for
While we wouldn't expect someone to have everything on this list, it gives you an idea of what technical skills and experience we are looking for:
- 4-7 years in DevOps/SRE with strong security focus, or security engineering with infrastructure experience
- Ideally with deep experience with healthcare compliance
- Hands-on experience securing multi-cloud environments at scale
- Strong coding skills in Python, TypeScript, Go, Bash or similar languages
- Track record of building security automation that developers actually use
Technical Skills
**Cloud Security**: AWS/GCP
**IaC & Policy**: Pulumi, Terraform, with security controls
**Containers**: Docker & Kubernetes security (RBAC, PSP, Network Policies)
**CI/CD Security**: Securing GitHub Actions/GitLab CI, SLSA compliance
**Security Tools**: SAST (SonarQube, Checkmarx), DAST (OWASP ZAP), SCA (Snyk, Black Duck)
**Languages**: Python, Go, TypeScript, Bash (expert in at least two)
**Compliance**: Policy-as-code frameworks, automated audit tools
Healthcare & Compliance Knowledge
- Experience with healthcare technical safeguards and audit requirements
- Experience with healthcare-specific threats and breach scenarios
- Knowledge of cybersecurity requirements for the regulated environment of healthcare
- Familiarity with Australian healthcare regulations (preferred)
- Understanding of clinical workflows and their security implications
Advanced Security Skills
- Runtime application self-protection (RASP) implementation
- eBPF for runtime security monitoring
- Supply chain security and software bill of materials (SBOM)
- AI/ML for security analytics and anomaly detection
- Threat modeling and risk assessment methodologies
- Balance security requirements with development velocity
- Translate complex compliance into automated controls
- Strong communication across technical and clinical teams
- Proactive approach to emerging threats and regulations
- Experience building security champions programs
What we offer in return
- Hybrid working with 2-3 days a week in the office and flexibility for appointments, school drop offs etc
- You go through the Everlab health program for free, for your health benefit but also for you to experience the product like a customer
- Equity (ESOP)
- A company culture of highly motivated and driven people that all want to work with the best and be part of building something meaningful
- Department: Engineering
- Locations: Sydney
- Remote status: Hybrid
About Everlab
Prevent disease. Optimise Health. Feel your best.
Australia's leading personal longevity clinic.