Senior Security Engineer

SuperDial

New York City Onsite
Competitive
Full-time
Security Engineer

Job Description

Become Our Security Sherpa: Senior Security Engineer (HIPAA Focus)

Are you a deeply technical security engineer with a passion for HIPAA compliance and a knack for building secure systems from the ground up? If so, we need you! This is a rare greenfield opportunity to own security at [Company Name], a company revolutionizing [briefly describe what the company does - e.g., healthcare communications, AI-powered diagnostics] by handling sensitive patient and payment data. You'll be the first dedicated security hire, influencing the security posture and culture from day one. You will have the chance to build the foundations of our security program.

What You'll Do:
Lead the HIPAA Charge: Drive all aspects of HIPAA compliance and technical implementation, crafting policies, conducting risk assessments, and implementing safeguards across our applications and infrastructure.
Be the Security Architect: Own threat modeling, conduct secure design reviews, and perform application security assessments for all new features and services. You'll be the go-to person for secure architecture guidance.
Empower Engineers with Security Tools: Build and maintain tools, libraries, and frameworks that empower engineers to ship secure code with minimal friction, fostering a security-conscious development culture.
Hunt for Vulnerabilities: Conduct hands-on code audits, static analysis, and penetration testing to proactively identify and mitigate security risks.
Secure the DevOps Pipeline: Collaborate cross-functionally with DevOps and engineering to secure APIs, infrastructure, and deployment pipelines (CI/CD), ensuring a secure software delivery lifecycle.
Incident Response Commander: Guide incident response planning, logging strategy, and forensic readiness to ensure swift and effective handling of security incidents.
Vendor Security Gatekeeper: Own vendor risk assessment and access management for third-party services, ensuring our external partners meet our stringent security standards.
Compliance Partner: Partner with legal and leadership to maintain audit readiness and manage evolving regulatory requirements, keeping us ahead of the curve.

What You'll Bring:
Experience: 5+ years of experience in application or infrastructure security roles.
HIPAA Expertise: A proven track record of implementing HIPAA controls and securing ePHI in production systems.
Coding Prowess: Strong coding skills in at least one modern backend language (e.g., Python, Go, Java).
Cloud Security Skills: Experience securing cloud-native architectures (e.g., AWS, Azure, GCP).
Tooling Familiarity: Familiarity with security and infrastructure tools like Terraform, Vault, Datadog, or similar.
Adaptability: Comfortable working in fast-paced, early-stage environments with a high degree of autonomy.
Bonus Points: Experience in AI/ML security, especially around LLMs or healthcare datasets.

Why You'll Love Working Here:
Make a Real Impact: You'll be the first dedicated security hire, with a seat at the table to shape how [Company Name] handles privacy, data protection, and compliance.
Learn From the Best: Work directly with our CTO and founding engineers, gaining invaluable experience and insights.
Solve Meaningful Problems: Help modernize a critical part of the healthcare system while working on cutting-edge voice AI.
Competitive Perks: Competitive compensation, early equity, and benefits designed to support your growth and wellbeing.

The base salary for this role ranges from $150,000 to $275,000, depending on experience, skill set, and fit. We also offer equity and benefits as part of our total compensation package. Final offers may vary based on experience and qualifications - we’re always open to exceptional talent.