Lead Security Engineer

Summary

Join Curai Health, an AI-powered virtual clinic, as a Lead Security Engineer. This remote-first role involves leading security initiatives, ensuring HIPAA and SOC-2 compliance, and building security tools. You will work with engineers to design secure solutions, manage penetration tests, and implement security tooling. The ideal candidate has 5+ years of experience in a similar role, expertise in securing cloud architectures (AWS), and experience with various security frameworks. Curai offers competitive compensation, stock options, unlimited PTO, flexible hours, excellent benefits, and a 401k plan.

Requirements

• 5+ years of experience in a similar role
• A passion for improving infrastructure security operations
• Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in the public cloud (e.g. Amazon Web Services)
• Experience with various AWS security tools such as GuardDuty, CloudTrail, CloudWatch, Inspector, etc
• Computer science or similar technical degree, or equivalent practical experience
• Strong analytical and problem-solving skills
• Excellent interpersonal and verbal + written communication skills
• Ability to work and thrive in a fast-paced, diverse, and multidisciplinary work environment

Responsibilities

• Maintain infrastructure and operational security controls that ensure Curai remains both HIPAA and SOC-2 compliant
• Lead initiatives to establish and implement new frameworks (like HITRUST and NIST)
• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, such as those found in cloud infrastructure security standards like ISO and NIST
• Conduct regular security and privacy assessments based on changes to Curai’s infrastructure and applications for potential impact
• Work with engineers to identify the tradeoffs of different solutions and recommend ideal designs that meet the team’s requirements, as well as our security requirements
• Manage the execution of penetration tests and coordinate all remediation activities with the rest of the engineering team
• Implement and maintain core security tooling, such as vulnerability and configuration management, intrusion detection/prevention systems, SIEM tools, etc
• Assist the security team in performing/automating audits, security assessments, and quarterly access reviews
• Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls
• Provide technical and integration support for Curai’s continuous compliance platform, Drata
• Help write and draft policies and programs to support Curai's privacy and security initiatives

Preferred Qualifications

• Hands-on experience in implementing, and administering IAM systems like Okta and OneLogin
• Experience with Datadog
• Experience with ISO 27001/2, NIST CSF, HIPAA/HITECH, SOC-2, PCI, SOX, ITGC, or other security frameworks
• Experience with continuous compliance platforms such as Drata, Vanta, SecureFrame, etc

Benefits

• Culture: Mission-driven talent with great colleagues committed to living our values, collaborating, and driving performance
• Pay: Competitive compensation and stock
• Wellness: Unlimited PTO, flexible working hours and remote working options
• Benefits: Excellent medical, dental, vision, flex spending plans, and paid parental leave
• Financial: 401k plan with employer matching