Lead Security Engineer

Solace

📍 Remote - Worldwide

Summary

Join Solace, a healthcare advocacy marketplace, as our first Lead Security Engineer to build and lead our security department. You will be responsible for securing our patient-facing and internal web applications, protecting sensitive health data, and shaping our security posture. This critical role requires balancing agility with robust security practices, owning end-to-end security processes and implementation. You will work cross-functionally with engineering, DevOps, and compliance teams to ensure HIPAA, SOC 2, and general data privacy adherence. The ideal candidate will have extensive experience in web application security and a strong understanding of relevant regulations. Solace is a Series B startup with a fully remote U.S. team.

Requirements

  • Experience working in a start-up environment
  • 8+ years of experience in web application security or related engineering roles
  • Proficiency with secure web development and auditing practices (e.g., input validation, authentication/authorization mechanisms, encryption in transit and at rest)
  • Experience with threat modeling, vulnerability scanning tools, and manual security testing
  • Familiarity with regulatory/compliance frameworks
  • Experience in healthcare or other regulated industries and knowledge of implementing HIPAA-compliant software

Responsibilities

  • Own web application security across all our products and services (React, Node.js, PostgreSQL, Heroku)
  • Promote a security-first culture within the organization by enforcing secure coding practices
  • Analyze new and existing features for potential security risks
  • Conduct regular threat modeling, vulnerability assessments, and penetration testing (both automated and manual)
  • Work cross-functionally with engineering, DevOps, and compliance teams to ensure HIPAA, SOC 2, and general data privacy adherence
  • Monitor, detect, and respond to potential threats in real time
  • Lead investigations of security incidents and breaches, perform root cause analysis, and support post-incident remediation and reporting
  • Stay current on web vulnerabilities (e.g., OWASP Top 10) and mitigate them proactively
  • Help foster a security-first culture through training, documentation, and mentorship, providing guidance and training to engineering and product teams on secure development practices
