About Sprinter Health

At Sprinter Health, our mission is reimagining how people access care by bringing it directly to their homes. Nearly 30% of patients in the U.S. skip preventive or chronic care simply because they can’t get to a doctor’s office. For many, the ER becomes their first touchpoint with the healthcare system, driving over $300B in avoidable costs every year.

By using the same technologies that power leading marketplace and last-mile platforms, we deliver care where people are, especially those who need it most. So far, we’ve supported more than 2 million patients across 22 states, completed 130,000+ in-home visits, and maintained a 92 NPS. Our team of clinicians, technologists, and operators has raised over $125M from investors like a16z, General Catalyst, GV, and Accel and enjoys multi-year runway.

About the Role

We’re looking for a Staff Security Engineer to be Sprinter’s first dedicated security hire and help build the foundation for how security scales across the company.

This is a high-ownership role for someone who can operate strategically and hands-on. You’ll define our security roadmap, strengthen our cloud and application security posture, support HIPAA, SOC 2, and HITRUST readiness, and partner closely with engineering, product, IT, legal, operations, and leadership to make security a core part of how we build and operate.

As our first security function hire, you will not just execute against an existing program. You’ll help decide what the program should be. That includes designing controls, implementing tools, driving vulnerability management, supporting partner security reviews, improving IAM, embedding security into the SDLC, and helping Sprinter make smart risk decisions as we scale.

This role is ideal for someone who wants to build a security function from the ground up in a high-growth, mission-driven healthcare company.

Office Location

We are a hybrid company based in the Bay Area with offices in both San Francisco and Menlo Park. For this role, we are also open to considering remote candidates. We will give priority to candidates who are based in or open to working from the San Francisco Bay Area.

What you will do

- Build and lead Sprinter’s security program as the company’s first dedicated security hire
- Define and execute a practical security roadmap across cloud infrastructure, application security, compliance, identity, vendor risk, and incident readiness
- Design, implement, and maintain security controls that support HIPAA, SOC 2, and HITRUST requirements
- Partner with legal, product, IT, engineering, and operations teams to ensure ongoing audit readiness and compliance maturity
- Improve security across AWS and GCP environments, including IAM, networking, encryption, secrets management, and cloud-native application security
- Evaluate and implement security tooling for vulnerability management, cloud security posture management, security monitoring, DAST, and related needs
- Lead vulnerability management efforts across applications, infrastructure, cloud environments, and third-party systems
- Coordinate penetration testing efforts, work with external security partners, and drive remediation with engineering teams
- Embed security into the software development lifecycle through secure design reviews, CI/CD checks, developer guidance, and pragmatic security standards
- Own or support partner, customer, and vendor security reviews, including questionnaires, risk assessments, and remediation planning
- Strengthen identity and access management across internal systems, applications, and cloud environments
- Develop clear security policies, procedures, documentation, and reporting for internal teams and senior leadership
- Advise on AI security best practices as Sprinter adopts and builds AI-enabled systems, including data handling, model risk, application security, and privacy controls
- Build strong working relationships across teams so security is viewed as a partner to the business, not a blocker

What you have done

- Spent 8+ years in security engineering, cloud security, application security, infrastructure security, DevSecOps, or related roles
- Built or meaningfully scaled a security function, security program, or major security domain in a high-growth environment
- Operated as a senior technical owner for security across engineering, infrastructure, product, IT, and compliance stakeholders
- Worked hands-on with cloud security in AWS, GCP, or similar cloud environments
- Implemented security controls that support compliance frameworks such as HIPAA, SOC 2, HITRUST, ISO 27001, or similar
- Led vulnerability management, penetration testing coordination, remediation workflows, and security assessments
- Partnered with engineering teams to embed security into architecture, development, CI/CD, and production operations
- Worked with identity and access management systems such as Okta, Auth0, SSO, MFA, RBAC, or related tooling
- Evaluated, selected, or implemented security tools such as SIEM, DAST, vulnerability scanners, CSPM, endpoint security, or monitoring platforms
- Used scripting or infrastructure-as-code tools such as Python, Bash, Terraform, or similar to automate security workflows
- Communicated security risks, tradeoffs, and priorities clearly to technical and non-technical stakeholders
- Made practical risk decisions in environments where speed, ambiguity, compliance, and security all matter

What gives you an edge

- You’ve been the first security hire or an early security leader at a startup
- You’ve built security programs in healthcare, fintech, insurance, logistics, marketplace, or other regulated or operationally complex environments
- You have deep experience with HIPAA, SOC 2, HITRUST, or healthcare security and privacy requirements
- You’ve supported customer, partner, or enterprise security reviews in a B2B or healthcare environment
- You’ve helped prepare for or lead security audits and compliance assessments
- You have experience with AI security, including secure AI application development, model risk, data privacy, adversarial risk, or AI governance
- You’ve worked closely with product and engineering teams to make security usable, scalable, and developer-friendly
- You have experience with container security, Kubernetes, network security, endpoint security, or encryption standards
- You hold certifications such as CISSP, CISM, AWS Certified Security Specialty, CEH, or similar

The Interview Process

We aim to complete the interview process within 2–3 weeks. It will usually consist of:

- Recruiter Screen: Background fit, motivation, and compensation alignment
- Hiring Manager Interview: Security leadership, technical depth, and first-of-function experience
- Technical Interview: Cloud security, application security, compliance, vulnerability management, and security architecture
- Cross-Functional Interview: Collaboration style and ability to partner with engineering, product, IT, legal, and operations
- References: Validation of performance, judgment, and working style

What we offer

- Meaningful pre-IPO equity
- Medical, dental, and vision plans 100% paid for you and your dependents
- Flexible PTO + 10 paid holidays per year
- 401(k) with match
- 16-week parental leave policy for birthing parent, 8 weeks for all other parents
- HSA + FSA contributions
- Life insurance, plus short and long-term disability coverage
- Free daily lunch in-office
- Annual learning stipend
- Relocation assistance

Our Technology Stack

- AWS
- GCP
- Terraform and infrastructure-as-code tooling
- TypeScript
- Python
- Bash
- CI/CD systems
- Okta
- Auth0
- SIEM, DAST, vulnerability management, and cloud security tooling
- Identity, access, and secrets management systems
- Cloud networking and infrastructure tooling
- Container and deployment systems
- Serverless AWS, including AppSync, DynamoDB, Lambda, Amplify, CloudFormation, and Node
- GraphQL
- React Native and React Native for Web

Equal Opportunity Statement

Sprinter Health is an equal opportunity employer. We value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected classes.

Beware of recruitment fraud and scams that involve fictitious job descriptions followed by false job offers.

If you are applying for a job, you can confirm the legitimacy of a job posting by viewing current open roles on our official Sprinter Health Careers website. All legitimate job postings will require an application to be made directly on our official Sprinter Health Careers website. Job-related communications will only be sent from email addresses ending in @sprinterhealth.com. Please ensure that you’re only replying to emails that end with @sprinterhealth.com.