Senior Security Engineer

We're seeking a Senior Security Engineer who doesn't just manage risks, but anticipates and neutralizes them before they ever become threats. This isn't just a job—it's a mission to transform healthcare security from the inside out.

The Senior Security Engineer is responsible for taking our foundational security and compliance practices to the next level.  This role will create security policies that don't just comply, but inspire confidence and show how to lead an Information Security Committee that's more like a strategic think tank than a routine meeting.
The Senior Security Engineer takes information security and regulatory compliance from a burden into a competitive advantage, and develops training programs that make cybersecurity engaging and understandable. You will be working across the entire company and operating with the authority of the Chief Technology Officer, and are the bridge between technical intricacies and business objectives.

Target Pay Range: $150,025 - $176,500 + Equity - Compensation to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. 

Benefits: 

• Discretionary PTO + 8.5 days of additional sick time + 10 paid holidays
• Paid parental leave
• 100% Employer Paid Employee Medical, Dental, and Vision Insurance
• Employer Paid STD & LTD
• 401k
• $50 monthly Remote Work Stipend

You can expect to:

• Collaborate across the company and with the executive team to align security strategies to business objectives.
• Lead development and maintenance of company-wide information security policies and programs.
• Manage compliance with healthcare regulatory requirements (HIPAA, 42 CFR Part 2).
• Run the Information Security Committee forum and manage our security risk register.
• Conduct regular security compliance audits and risk assessments.
• Develop and implement security awareness and training programs.
• Oversee vendor security assessments and third-party risk management.
• Create and maintain documentation for security controls and compliance frameworks.
• Prepare compliance reports for leadership and external auditors.
• Work with our IT MSP and external consultants on security matters (penetration tests, configuration hardening, audits, etc.).
• Run the Information Security Incident Response procedures.
• Run annual Business Continuity and Disaster Recovery tabletop exercises.
• Respond to vendor security questionnaires.
• Work with the internal technology teams on cloud security, threat modelling and specification reviews.
• Regular and predictable attendance is required.
• All other duties as assigned.

Qualities we're looking for:

• 5+ years of experience as a Senior Security Engineer or similar role in information security compliance.
• Extensive knowledge of healthcare data privacy and security regulations, or a strong passion to learn them quickly.
• A track record of turning security from a cost center into a strategic enabler.
• Advanced certifications (CISSP, CISM, HITRUST CCM) that demonstrate deep expertise.
• High levels of ownership, drive, and craftsmanship.
• A collaborative spirit that turns risk management into a team sport.
• Strong understanding of security governance frameworks.
• Excellent communication and interpersonal skills.
• Ability to translate technical concepts for non-technical stakeholders.
• Demonstrated impact and experience with: 
• Consistent access to a private work environment with high speed internet and professionally appropriate surroundings for frequent video conferencing and a workstation setup conducive to remote work needs.

This is a full-time (40hrs per week) remote position. 

#LIRemote