Lead Security Engineer

closed
Curai Health Logo

Curai Health

πŸ’΅ $180k-$230k
πŸ“Remote - Worldwide

Summary

Join Curai Health, an AI-powered virtual clinic, as a Lead Security Engineer. This remote-first role involves leading security initiatives, ensuring HIPAA and SOC-2 compliance, and building security tools. You will work with engineers to design secure solutions, manage penetration tests, and implement security tooling. The ideal candidate has 5+ years of experience in a similar role, expertise in securing cloud architectures (AWS), and experience with various security frameworks. Curai offers competitive compensation, stock options, unlimited PTO, flexible hours, excellent benefits, and a 401k plan.

Requirements

  • 5+ years of experience in a similar role
  • A passion for improving infrastructure security operations
  • Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in the public cloud (e.g. Amazon Web Services)
  • Experience with various AWS security tools such as GuardDuty, CloudTrail, CloudWatch, Inspector, etc
  • Computer science or similar technical degree, or equivalent practical experience
  • Strong analytical and problem-solving skills
  • Excellent interpersonal and verbal + written communication skills
  • Ability to work and thrive in a fast-paced, diverse, and multidisciplinary work environment

Responsibilities

  • Maintain infrastructure and operational security controls that ensure Curai remains both HIPAA and SOC-2 compliant
  • Lead initiatives to establish and implement new frameworks (like HITRUST and NIST)
  • Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, such as those found in cloud infrastructure security standards like ISO and NIST
  • Conduct regular security and privacy assessments based on changes to Curai’s infrastructure and applications for potential impact
  • Work with engineers to identify the tradeoffs of different solutions and recommend ideal designs that meet the team’s requirements, as well as our security requirements
  • Manage the execution of penetration tests and coordinate all remediation activities with the rest of the engineering team
  • Implement and maintain core security tooling, such as vulnerability and configuration management, intrusion detection/prevention systems, SIEM tools, etc
  • Assist the security team in performing/automating audits, security assessments, and quarterly access reviews
  • Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls
  • Provide technical and integration support for Curai’s continuous compliance platform, Drata
  • Help write and draft policies and programs to support Curai's privacy and security initiatives

Preferred Qualifications

  • Hands-on experience in implementing, and administering IAM systems like Okta and OneLogin
  • Experience with Datadog
  • Experience with ISO 27001/2, NIST CSF, HIPAA/HITECH, SOC-2, PCI, SOX, ITGC, or other security frameworks
  • Experience with continuous compliance platforms such as Drata, Vanta, SecureFrame, etc

Benefits

  • Culture: Mission-driven talent with great colleagues committed to living our values, collaborating, and driving performance
  • Pay: Competitive compensation and stock
  • Wellness: Unlimited PTO, flexible working hours and remote working options
  • Benefits: Excellent medical, dental, vision, flex spending plans, and paid parental leave
  • Financial: 401k plan with employer matching
This job is filled or no longer available