Job Description
DevOps Engineer Lead – Enterprise Data Platform & HealthLake (FedRAMP Compliance, AWS CDK)
Agency
Maryland Department of Health
Project
MDH Medicaid Enterprise Systems Modular Transformation (MMT)
Location
Hybrid, at least 2 days per week on-site
Contract Duration
2-year with possible extensions
Interview Type
Video (Google Meet or MS Teams)
Tentative Start Date
09/08/2025
Project Overview
The Maryland Department of Health is seeking a highly skilled DevOps Engineer (8+ years of experience) to design, automate, and maintain secure infrastructure for our Enterprise Data Lake (EDL) and AWS HealthLake interoperability platform. This role will leverage AWS CDK for Infrastructure as Code (IaC) and ensure compliance with FedRAMP Rev 4, HIPAA, and CMS standards.
Duties/Responsibilities:
Infrastructure as Code (AWS CDK)
- Build, manage, and version-control infrastructure using AWS CDK in TypeScript/Python for consistent, auditable deployments.
- Define constructs for S3 (Iceberg-backed data lake), MWAA (Airflow), EMR/EMR Serverless, Glue, Redshift, Athena, Lake Formation, EKS, API Gateway, IAM, and AWS HealthLake.
- Implement reusable CDK patterns for security guardrails, network design, monitoring, and compliance reporting.
CI/CD & Automation
- Design and maintain CI/CD pipelines (AWS CodePipeline, CodeBuild, CodeDeploy) to support automated infra, ETL jobs, APIs, and FHIR workloads.
- Integrate policy-as-code checks into the deployment workflow to enforce FedRAMP Rev 4 controls.
- Automate patching, compliance scans, and drift detection across environments.
Monitoring, Reliability & Reporting
- Configure CloudWatch, CloudTrail, Security Hub, GuardDuty, and Inspector for logging, alerting, and anomaly detection.
- Develop compliance dashboards and FedRAMP Rev 4 audit reports (access control, encryption, system monitoring, incident tracking).
- Produce regular infrastructure compliance reports to support federal audits and continuous monitoring (ConMon).
- Troubleshoot performance and scaling issues across ETL, APIs, and HealthLake.
Security & Compliance
- Enforce IAM least-privilege, encryption (KMS), and VPC security controls via CDK templates.
- Ensure data encryption in transit/at rest, secure networking, and compliance with HIPAA and CMS security policies.
- Maintain evidence artifacts, automated compliance checks, and reporting workflows for FedRAMP Rev 4 authorization.
Collaboration & Governance
- Work closely with data engineers, API developers, and architects to align infra with ETL frameworks, FHIR APIs, and analytics workloads.
- Partner with security and compliance teams to map AWS services to FedRAMP, HIPAA, and NIST 800-53 controls.
- Document infrastructure standards, runbooks, and reporting processes for audit readiness.
Requirements
Education:
A Bachelor's Degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.
Required Experience:
- 8+ years of experience in DevOps/Cloud Engineering, building and managing AWS enterprise-scale infrastructure.
- 5+ years of experience with Infrastructure as Code, including 2+ years hands-on with AWS CDK (TypeScript or Python).
- Strong AWS expertise across: S3, EMR/Serverless, Glue, MWAA, Redshift, Athena, Lake Formation, EKS, HealthLake, API Gateway, IAM, KMS.
- 5+ years building and maintaining CI/CD pipelines with AWS CodePipeline, Jenkins, or GitLab CI.
- Demonstrated experience in FedRAMP, HIPAA, or NIST 800-53 compliant environments, including control enforcement and evidence reporting.
- Proven ability to generate FedRAMP Rev 4 compliance reports (audit logs, encryption evidence, access policies, ConMon reports).
- Familiarity with Apache Iceberg, Medallion architecture, and healthcare FHIR interoperability.
- Strong observability experience with CloudWatch, CloudTrail, ELK/OpenSearch, Prometheus/Grafana.
- Excellent collaboration skills with the ability to interface with auditors, compliance officers, and the engineering team.
Preferred Experience:
- Healthcare data integrations with state Medicaid MMIS, provider directories, or HIEs; experience moving/validating files via SFTP/FTPS with PGP and certificate lifecycle management.
- Experience in CMS or state public-health programs (e.g., provider enrollment, eligibility, claims/encounters), FHIR/HL7 v2, and EDI X12 (834/820/270/271) fundamentals.
Benefits
Standard Employee Benefits.
50% Health Insurance Paid by Innosoft, Paid Vacation, 401K Match, STD, LTD, and AD&D paid by Innosoft.