Lead Security Engineer

Curai Health is an AI-powered virtual clinic on a mission to improve access to care at scale. As the pioneer in deploying machine learning into clinical workflows, Curai Health enables its dedicated, specially trained clinicians to deliver primary care to more people at a fraction of the cost. Easy-to-use and convenient, Curai Health partners with insurers and health systems to keep patients engaged in their care over time, improving health outcomes and reducing costs.

Our company is remote-first and we consider candidates across the United States. Our corporate office is located in San Francisco.

The Role

We are looking for a hungry and experienced Lead Security Engineer to join our team. This role will report into our engineering organization and take a leading role in supporting security and continuous compliance. This will also include designing and building tools and service integrations that make governance easier and part of the normal day-to-day engineering work.

Who You Are

None of these, individually, are hard requirements but they do describe the type of folks that we think would be most effective and happy at Curai. You…

• Are excited to work with a company that values innovation and prioritizes the security of its systems and its clients' data

• Are dedicated to continuous learning and improvement in the field of cybersecurity

• Have a strong orientation to Curai’s mission to make high-quality healthcare accessible to all

• Have worked remotely before, or have a strong feeling that you'd work well with a remote team, spread across multiple time zones

• Are excited to try things out to validate new features, and move on if they no longer solve a problem

• Can work effectively with others

• Are excited about getting on the speeding train that is a growing startup!

• Focus on the end goal, and build a practical path to achieve it

• You’re someone who will say something if they see something; arming themselves with what they can do to help

What You’ll Do

• Maintain infrastructure and operational security controls that ensure Curai remains both HIPAA and SOC-2 compliant

• Lead initiatives to establish and implement new frameworks (like HITRUST and NIST)

• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, such as those found in cloud infrastructure security standards like ISO and NIST)

• Conduct regular security and privacy assessments based on changes to Curai’s infrastructure and applications for potential impact.

• Work with engineers to identify the tradeoffs of different solutions and recommend ideal designs that meet the team’s requirements, as well as our security requirements

• Manage the execution of penetration tests and coordinate all remediation activities with the rest of the engineering team.

• Implement and maintain core security tooling, such as vulnerability and configuration management, intrusion detection/prevention systems, SIEM tools, etc. 

• Assist the security team in performing/automating audits, security assessments, and quarterly access reviews

• Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls

• Provide technical and integration support for Curai’s continuous compliance platform, Drata

• Help write and draft policies and programs to support Curai's privacy and security initiatives

What You’ll Need

• 5+ years of experience in a similar role

• Hands-on experience fixing security issues and working with Python and Terraform

• A passion for improving infrastructure security operations

• Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in the public cloud (e.g. Amazon Web Services)

• Experience with various AWS security tools such as GuardDuty, CloudTrail, CloudWatch, Inspector, etc.

• Hands-on experience in implementing, and administering IAM systems like Okta and OneLogin is a plus

• Experience with Datadog is a plus

• Experience with ISO 27001/2, NIST CSF, HIPAA/HITECH, SOC-2, PCI, SOX, ITGC, or other security frameworks preferred.

• Experience with continuous compliance platforms such as Drata, Vanta, SecureFrame, etc. is a plus.

• Computer science or similar technical degree, or equivalent practical experienceStrong analytical and problem-solving skills

• Excellent interpersonal and verbal + written communication skills

• Ability to work and thrive in a fast-paced, diverse, and multidisciplinary work environment

What We Offer

• Culture: Mission-driven talent with great colleagues committed to living our values, collaborating, and driving performance

• Pay: Competitive compensation and stock

• Wellness: Unlimited PTO, flexible working hours and remote working options

• Benefits: Excellent medical, dental, vision, flex spending plans, and parental leave

• Financial: 401k plan with employer matching

The annual base salary range for this position is between $180,000 and $230,000 annually. Stock grants also play a key part in any offer, they increase your overall compensation package significantly based on company success. Please note that the base salary range is a guideline, and individual total compensation will vary based on qualifications, skill level, competencies, and work location.

Curai Health is a startup with a small, but world-class team from high-tech companies, AI researchers, and practicing physicians, to team members from non-traditional career paths and backgrounds. We also have research partnerships with leading universities nationwide and access to medical data that facilitates research in this space. We are a highly collaborative, data-driven team, focused on delivering our mission with funding from top-tier Silicon Valley investors including Morningside, General Catalyst, and Khosla Ventures.

At Curai Health, we are highly committed to building a diverse and inclusive environment. In keeping with our beliefs and values, no employee or applicant will face discrimination or harassment based on race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. To promote an equitable and bias-free workplace, we set competitive compensation packages for each position and do not negotiate on our offers. We are looking for mission-driven teammates, who embody our core values and appreciate our transparent approach.