
Lead Automation Engineer
Parachute Health is transforming post-acute care as the leading digital ordering platform for medical equipment and supplies. We connect major health systems, health plans, and suppliers to help patients get the life-saving products they need at home. Since launching, we've connected 300,000+ clinicians and 3,000+ supplier locations across all 50 states and helped 15M+ patients. What started as a DME ePrescribing tool has become the order management platform of choice for home medical equipment.
Join our team and make a difference in patient care.
About the Role
You'll be the dedicated Automation Engineer embedded in Parachute Health's IT & Security team. You'll build (code and program) internal applications, automation services, and AI agents that replace manual work across identity, endpoint, cloud security, compliance, and incident response, in an environment governed by HIPAA, SOC 1, SOC 2, and HITRUST.
Responsibilities
- Build full-stack internal tooling using React, Node.js, and the Okta API for SSO/identity integration, approval workflows, and automated provisioning logic.
- Write Python automation and webhook-driven orchestration services that react to HR system events and coordinate provisioning/deprovisioning across Okta, AWS, GitHub, and other SaaS tools.
- Integrate with 30+ systems (AWS, GitHub, Okta, Drata, Splunk) at scale, pulling structured data and writing it into downstream platforms on a schedule.
- Build security alert enrichment pipelines that pull context from logs, CMDB, and HR systems to produce triaged, actionable tickets.
- Develop AI agents on the Anthropic API using MCP servers (Python and TypeScript) that safely interact with internal systems for access reviews, compliance drafting, and ticket triage.
- Write detection-as-code, including Splunk SPL queries, Wazuh rules, and SQL, that turns raw log data into actionable alerts.
- Exercise workflow automation judgment: know when to reach for n8n versus building a full service, and build lightweight integrations when that's the right call.
Requirements
- Minimum 2 years of professional software engineering experience in a production web environment.
- Strong professional experience in Python or TypeScript/Node.js (our primary languages), plus comfort with SQL and Bash; bonus if you're strong in both Python and TypeScript.
- Comfort writing SQL against real production datasets (Redshift, BigQuery, or Postgres).
- Hands-on experience with AWS (IAM, Lambda, ECS, EKS, S3, RDS/Aurora, Secrets Manager) and Infrastructure-as-Code; GCP/BigQuery experience a plus.
- Experience integrating with REST/GraphQL APIs and webhooks across SaaS platforms (e.g., Okta, GitHub, Splunk, Drata, Datadog, or similar IT/security tools).
- Strong fundamentals: data structures, design patterns, testing, code reviews.
- Comfort ramping up on our deployment and observability tooling: GitHub Actions, ArgoCD, EKS, Datadog, and Splunk.
- Security-first mindset: comfort with least privilege, secrets handling, PHI exposure, and audit trails.
- Must reside in the U.S.
Nice to Have
- Experience building AI agents or LLM-powered tools in production: agent architectures, tool integration, MCP, retrieval-augmented generation, eval frameworks.
- Experience driving AI adoption across a technical team (pairing, demos, reusable skills/plugins).
- Familiarity with our stack: Okta, ZScaler, Splunk/Wazuh, Lacework, Drata, Datadog, n8n.
- SIEM detection engineering (Splunk SPL, Wazuh rules, Sigma).
- Experience with Kubernetes (EKS), GitOps (ArgoCD), or service mesh (Istio with OIDC/JWT).
- Healthcare technology background: exposure to HIPAA, PHI handling, or DME workflows.
- Security or cloud certifications (CISSP, CCSP, AWS Security Specialty, GCIH, OSCP).
- Professional experience with Ruby on Rails (Parachute's primary product stack, useful for cross-team collaboration).
- Experience as a technical lead bridging IT, Security, Engineering, and Compliance stakeholders.
What a typical week looks like
- Code review, write, and ship - Python services, TypeScript tools, SQL queries, agent definitions.
- Pair with security analysts and IT engineers to translate operational pain into shipped automation.
- Design and build APIs, schedulers, and event-driven services that integrate across our SaaS stack.
- Write tests, dashboards, and runbooks for everything you ship.
- Participate in an on-call rotation for the IT/Security tooling you own (not customer-facing platform).
- Sit in on architecture reviews and incident response.
Benefits
- Medical, Dental, and Vision Coverage: Comprehensive plans with options for low-to-no-cost premiums.
- Employer HSA Contribution: Company-funded contributions to your Health Savings Account.
- 401(k) Retirement Plan
- Equity Incentive Plan
- Annual Company-Wide Bonus: Opportunity for up to 15% bonus based on company performance.
- Remote-First Culture: We are remote-first with a dedicated NYC office and reimbursement options for co-working spaces.
- Flexible Vacation Policy
- Summer Fridays: 5 additional Fridays off during the summer (separate from PTO).
- Home Office and Wellness Stipend
- Monthly Internet Stipend
- Annual Learning and Development Stipend
Base Salary Band (based on experience and level)
$80,000 - $130,000
California job applicants may access the Notice of Collection of Personal Information and Privacy Policy with information and rights required by the California Privacy Rights Act (CPRA) the link here.
We are proud to be an equal opportunity employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth related medical conditions and lactation), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, disability, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances.
This role is not eligible for employer visa sponsorship. Applicants must be legally authorized to work in the United States at the time of application and for the duration of employment. The Company does not sponsor employment authorization for this position.
Apply for this job
*
indicates a required field
.png?1781375570)