Summary
Join Curai Health, an AI-powered virtual clinic, as a Lead Security Engineer. This remote-first role involves leading security initiatives, ensuring HIPAA and SOC-2 compliance, and building security tools. You will work with engineers to design secure solutions, manage penetration tests, and implement security tooling. The ideal candidate has 5+ years of experience in a similar role, expertise in securing cloud architectures (AWS), and experience with various security frameworks. Curai offers competitive compensation, stock options, unlimited PTO, flexible hours, excellent benefits, and a 401k plan.
Requirements
- 5+ years of experience in a similar role
- A passion for improving infrastructure security operations
- Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in the public cloud (e.g. Amazon Web Services)
- Experience with various AWS security tools such as GuardDuty, CloudTrail, CloudWatch, Inspector, etc.
- Computer science or similar technical degree, or equivalent practical experience
- Strong analytical and problem-solving skills
- Excellent interpersonal and verbal + written communication skills
- Ability to work and thrive in a fast-paced, diverse, and multidisciplinary work environment
Responsibilities
- Maintain infrastructure and operational security controls that ensure Curai remains both HIPAA and SOC-2 compliant
- Lead initiatives to establish and implement new frameworks (like HITRUST and NIST)
- Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, such as those found in cloud infrastructure security standards like ISO and NIST
- Conduct regular security and privacy assessments based on changes to Curai's infrastructure and applications for potential impact
- Work with engineers to identify the tradeoffs of different solutions and recommend ideal designs that meet the team's requirements, as well as our security requirements
- Manage the execution of penetration tests and coordinate all remediation activities with the rest of the engineering team
- Implement and maintain core security tooling, such as vulnerability and configuration management, intrusion detection/prevention systems, SIEM tools, etc.
- Assist the security team in performing/automating audits, security assessments, and quarterly access reviews
- Continually evaluate new threats in the cloud to identify their impact on IT and the business, and develop and implement security controls
- Provide technical and integration support for Curai's continuous compliance platform, Drata
- Help write and draft policies and programs to support Curai's privacy and security initiatives
Preferred Qualifications
- Hands-on experience in implementing and administering IAM systems like Okta and OneLogin
- Experience with Datadog
- Experience with ISO 27001/2, NIST CSF, HIPAA/HITECH, SOC-2, PCI, SOX, ITGC, or other security frameworks
- Experience with continuous compliance platforms such as Drata, Vanta, SecureFrame, etc.
Benefits
- Culture: Mission-driven talent with great colleagues committed to living our values, collaborating, and driving performance
- Pay: Competitive compensation and stock
- Wellness: Unlimited PTO, flexible working hours and remote working options
- Benefits: Excellent medical, dental, vision, flex spending plans, and paid parental leave
- Financial: 401k plan with employer matching