Senior Security Engineer

Solace

United States Remote
Competitive
Full-time
Security Engineer

Job Description

Secure Healthcare's Future: Senior Security Engineer at Solace

Solace is revolutionizing healthcare by empowering patients with the knowledge and support they need to navigate the complexities of the system. We're a healthcare advocacy marketplace connecting patients and families with expert guidance, leading to better decisions and better outcomes.

As our second dedicated security hire, you'll be a key player in building and scaling our corporate security program, security operations, and governance functions as we rapidly expand from 200 to 400+ employees. If you're passionate about protecting sensitive data and building a security-first culture in a fast-paced, impactful environment, this is your chance to make a real difference.

Backed by Inspired Capital, Craft Ventures, Torch Capital, Menlo Ventures, and Signalfire, we're a Series B startup on a mission. Join our fully remote U.S. team and help us redefine healthcare.

Ready to tackle challenges head-on and build something meaningful?

Your Mission:
As a Senior Security Engineer, you will be responsible for a broad range of security initiatives, working closely with IT, HR, Legal, and leadership teams. This role requires a strong understanding of security best practices, compliance frameworks, and a proactive approach to identifying and mitigating risks.

Key Responsibilities:
Identity & Access Management (Primary Focus): Secure user access and protect sensitive data through robust IAM practices.

Manage and optimize Okta SSO deployment across 70+ SaaS applications.
Implement and enforce role-based access controls (RBAC) and least privilege principles.
Lead quarterly access reviews and user lifecycle management.
Drive adoption of MFA and implement conditional access policies.
Oversee endpoint management via Jamf and device compliance standards.

Security Governance & Compliance: Ensure adherence to industry regulations and internal policies.

Drive HIPAA and SOC 2 compliance maintenance through Vanta.
Manage vendor risk assessment program and Business Associate Agreement (BAA) collection for 70+ vendors.
Develop and maintain security policies, standards, and procedures.
Support customer security assessments and RFP responses.
Prepare for HITRUST certification and future IPO readiness requirements.

Security Awareness & Training: Cultivate a security-conscious culture through engaging training programs.

Design and deliver security awareness training.
Create role-specific training programs (HIPAA, phishing, data handling, incident response).
Build and maintain security documentation and knowledge base.
Develop metrics and reporting on training completion and effectiveness.
Partner with HR on security onboarding and offboarding processes.

Security Operations & Monitoring: Proactively detect and respond to security threats.

Implement and tune security monitoring and alerting systems.
Manage security logging and audit trail requirements for HIPAA compliance.
Conduct security assessments and risk analysis.
Lead incident response coordination and post-incident reviews.
Track and remediate security findings from audits and assessments.

Risk Management & Third-Party Security: Identify, assess, and mitigate security risks across the organization and our vendor ecosystem.

Maintain risk register and coordinate risk treatment activities.
Conduct vendor security assessments and ongoing monitoring.
Support procurement reviews for security and compliance implications.
Manage security aspects of contractor access and data handling.

What You'll Bring to the Table:
4+ years of experience in corporate security, GRC, security operations, or similar roles.
Hands-on experience with identity and access management (Okta, Azure AD, or similar IAM platforms).
Practical HIPAA implementation experience in healthcare or regulated environments.
Experience building security awareness programs and delivering training to diverse audiences.
Demonstrated success implementing security controls in cloud-first organizations.
Familiarity with compliance frameworks (SOC 2, HIPAA, HITRUST) and audit processes.
Experience with endpoint management solutions (Jamf, Intune, or similar).
Security certifications (CISSP, CISM, CISA, Security+, or similar) are a plus.
Experience with GRC platforms (Vanta, Drata, Secureframe) is a plus.
Background in IT systems administration or helpdesk is a plus.
Experience managing security for remote/distributed workforces is a plus.
Familiarity with vendor risk management platforms is a plus.
Knowledge of data privacy regulations (GDPR, CCPA) is a plus.
Ability to collaborate and balance security rigor with business enablement is essential.

Applicants must be based in the United States.

Ready to protect patient data and make a difference in healthcare? Apply now!

Fraudulent Recruitment Advisory: Solace Health will NEVER request bank details or offer employment without an interview. All legitimate communications come only from official solace.health emails or ashbyhq.com. Report suspicious activity to [email protected] or [email protected].