Join Corti: Revolutionizing Healthcare with AI - Security Engineer
Imagine a world where everyone, regardless of location, has access to expert medical care. That's the future we're building at Corti. We're developing an AI platform that expands access to medical expertise, reduces errors, gives time back to clinicians, and makes healthcare more affordable, accessible, and, ultimately, more human.
We're looking for a passionate and skilled Security Engineer to join our team and help us secure the intelligence layer for global healthcare. If you're driven to protect sensitive data and enable innovation in the medical field, Corti is the place for you.
Why Corti?
At Corti, you'll be at the forefront of AI-powered healthcare innovation. We provide developers, product teams, and healthcare innovators with access to medical-grade AI, empowering them to deliver faster, safer, and more human care.
Our models are purpose-built for healthcare, trained on real-world data, and optimized for precision, safety, and regulatory trust. Through modular APIs, teams can easily embed medical speech recognition, summarization, reasoning, and more directly into their healthcare products.
We power the builders who are redefining healthcare, from startups creating new patient experiences to enterprises modernizing the systems that care depends on. If you believe AI purpose-built for medicine will define the next century of healthcare, you belong at Corti.
The Role: Security Engineer
As a Security Engineer at Corti, you will be a key player in ensuring our platform and operations meet the highest security standards. Your focus will be on security governance, ensuring that standards, controls, and framework requirements are clearly defined, technically grounded, and consistently implemented.
You'll spend your time on security standards, configurations, documentation, and evidence, while leveraging your engineering background to automate repetitive tasks and keep controls aligned with our systems. You'll collaborate closely with Platform Engineering and IT to maintain Corti's audit readiness and ensure our technical environment reflects our security policies.
What You’ll Be Doing:
Own and maintain Corti's security governance model across ISO 27001, SOC 2, and other relevant frameworks, including a clear control inventory and ownership map.
Translate frameworks and customer requirements into concise policies, playbooks, checklists, and acceptance criteria that seamlessly integrate into techdocs, release processes, and change management.
Plan, manage, and follow up on internal and external security audits and assessments, address non-compliance areas, and communicate status and findings to leadership, auditors, and teams.
Drive the use of compliance automation tools (e.g., Drata) and internal scripts, and monitor indicators such as device compliance, policy acceptance, training completion, and access reviews, coordinating remediation with responsible teams.
Maintain a live security risk register, including risk acceptance, mitigation plans, and regular reviews with Product, Platform, and Governance team members.
Partner with Platform and other engineers to ensure policies and control objectives are reflected in CI/CD pipelines, Infrastructure as Code, and cloud configuration baselines, and review security-impactful changes at a governance level to maintain alignment and auditability.
Design and implement small automations or configuration improvements that strengthen controls and streamline evidence collection and reporting.
Act as a trusted advisor on secure ways of working and provide clear answers to customer and stakeholder inquiries about Corti’s security posture.
You'll Thrive in This Role If You:
Have experience in DevOps, platform engineering, security engineering, or a similar field, and want to move closer to security governance, audits, and frameworks while staying connected to real systems.
Are comfortable reading and writing scripts or small tools (e.g., Python, Go, or TypeScript) to automate checks, evidence collection, and configuration management.
Understand cloud security, identity, and network fundamentals and can translate high-level requirements into specific technical settings and patterns.
Have worked with or around security frameworks like ISO 27001, SOC 2, or GDPR and are passionate about making them concrete through control mapping, documentation, and automation.
Communicate effectively with both engineers and governance stakeholders, explaining technical topics in simple terms to support decisions and audits.
Enjoy structured work, such as defining standards, maintaining inventories, and keeping documentation synchronized with reality, while continuously improving processes through automation.
Take a pragmatic approach to security, aiming for guardrails and standards that are realistic for teams to follow and meaningfully improve our security posture.
Nice To Have:
Experience implementing and enforcing secure release workflows.
Hands-on experience with Kubernetes and cloud security practices (especially Azure).
Experience with Drata or similar compliance automation tools.
Familiarity with MDM and endpoint hardening across Linux, MacOS, and Windows.
Understanding of audit tooling and compliance KPIs (MTTR, version skew, access policies).
Practicalities:
You will be reporting to the VP of Governance and Market Access.
This is a full-time position with a start date as soon as possible.
We offer a hybrid working environment at our Copenhagen office.
Corti provides all necessary equipment.
Ready to make a real difference in healthcare? Hit that 'Apply' button and join us in reshaping the dialogue in healthcare and improving patient outcomes worldwide.
🤝 Bringing in top talent from all backgrounds is crucial in our pursuit to improve the world of healthcare. We encourage applications from all people and do not discriminate based on race, religion, national origin, gender, sexual orientation, age, and/or disability status.
At Corti, experience comes in many forms, and we’re passionate about creating teams with a multitude of perspectives! If you believe your experience is close to what we’re looking for but not an exact match, we still hope you’ll consider applying!