Security Engineer

Candid Health

Full-time On-site
San Francisco
Competitive

Job Description

Join Candid Health: Senior Security Engineer

We're on a mission to fix one of the most broken and costly pieces of the US healthcare system: medical billing. Today, providers face over $250B in administrative overhead annually just to get paid. This isn't just a financial burden; it's a barrier to care.

At Candid Health, we're reimagining medical billing from the ground up. We're building sophisticated software, powered by best-in-class data science and emerging machine learning, to automate this complex, nuanced process – a challenge arguably 100x harder than credit card processing. Our goal is to make healthcare providers' lives dramatically easier and less expensive, allowing them to focus on what matters most: patient care.

As a proud Y Combinator W20 alumnus, we're well-funded by world-class investors like 8VC, First Round Capital, and BoxGroup. Our impact is real and immediate: we're helping customers treat opioid addiction, provide holistic women's care, facilitate mental health access, and much more. This is deeply important and gratifying work. Join our team and play a pivotal role in supporting critical innovation in healthcare today!

The Role: Senior Security Engineer – Guardian of Our Innovation

Are you a seasoned security professional ready to elevate the safety and resilience of a rapidly scaling healthcare tech platform? We're seeking a hands-on Senior Security Engineer to serve as our lead security architect and operational expert. You will define and implement our security posture, ensuring our systems are not only resilient against evolving threats but also rigorously compliant with crucial healthcare regulations. This is a unique opportunity to own and drive strategic security initiatives from the ground up, embedding security as a core tenet of our mission.

What You’ll Do

Architect & Implement Secure-by-Design Systems: Proactively embed robust security protections and guardrails into our core systems and infrastructure, ensuring a 'secure by default' posture across all our offerings.
Drive Security Throughout the SDLC: Partner closely with engineering teams, leading design reviews and threat modeling sessions to identify and mitigate potential security flaws early in the development process. Validate the security of new features and services from concept to deployment, ensuring security remains at the forefront of all initiatives.
Master & Evolve Compliance Frameworks: Own, manage, and continuously mature our adherence to critical compliance standards including HIPAA, SOC2, SOC1, PCI, and HITRUST. Translate complex regulations into actionable, embedded security practices and rituals.
Lead Proactive Vulnerability Management: Develop and execute a comprehensive vulnerability management program. Regularly audit our platforms and tech stack for weaknesses, ensuring that vulnerabilities are identified, prioritized, and remediated in a timely and effective manner.
Champion Secure Third-Party Integrations: Oversee security due diligence for all third-party vendors, conducting thorough security reviews prior to integration. Manage relationships with external security partners for penetration testing and specialized services, ensuring continuous external scrutiny and fortification of our platforms.

Who You Are

You possess 4+ years of hands-on experience in the security domain, with a proven track record of successfully leading and executing complex security initiatives.
Your expertise isn't just theoretical; you have deep practical understanding and experience navigating the intricacies of security compliance rituals and routines. You don't just know the rules; you know how to embed them.
You have strong knowledge of HIPAA regulations and the unique security challenges inherent in handling sensitive healthcare information (PHI).
You are adaptable and flexible, always ready to engage with security challenges at both enterprise and client levels.
You are proficient in writing code to automate security tasks and processes. You possess the keen ability to meticulously read, understand, and audit systems, networks, and IT configurations to ensure uncompromised security.

Our Values: Built on Trust, Impact, and Growth

We believe that impactful work is done by energized, supportive, and inspiring teams. We spend at least as much time with our coworkers as we do with our closest friends and family – it’s important that these folks energize us, support us, inspire us, and push us to do our best work. This is what you can expect of your teammates at Candid Health (in no particular order):

We put our customers first.
We take care of each other and ourselves.
We anchor on outcomes and work relentlessly and creatively to achieve them.
We collectively prioritize building a diverse and inclusive workspace.
We believe humility is our greatest strength.
We are candid, kind, and committed.
We strive to be the most prepared person in the room.
We are truth seekers.

Pay Transparency

The estimated starting annual salary range for this position is $180,000 - $258,000 USD. The listed range is a guideline from Pave data, and the actual base salary may be modified based on factors including job-related skills, experience/qualifications, interview performance, market data, etc. Total compensation for this position may also include equity, sales incentives (for sales roles), and employee benefits. Given Candid Health’s funding and size, we heavily value the potential upside from equity in our compensation package. Further note that Candid Health has minimal hierarchy and titles, but has broad ranges of experience represented within roles.