Staff Software Engineer, Security

Dandy
Summary
Join Dandy, a rapidly growing dental technology company, as their first dedicated security leader. You will play a crucial role in establishing and leading the company's security and compliance function. This leadership position offers high autonomy and resources to build a mature security posture, focusing on HIPAA compliance, cloud infrastructure security, and integrating security into a fast-paced development lifecycle. You will be responsible for vulnerability management, compliance programs, security infrastructure, incident response, and defining the overall security strategy. The ideal candidate possesses extensive cybersecurity experience, strong leadership skills, and a proven track record of success in building and maturing security programs within a high-growth environment. Dandy offers a comprehensive benefits package.
Requirements
- 8+ years of progressive cybersecurity experience with a proven track record of leading impactful security initiatives or maturing security programs
- Deep strategic and hands-on expertise across security domains, especially vulnerability management, compliance (HIPAA expertise highly valued), and cloud/application security
- Experience assessing existing environments and implementing effective security controls and processes
- Proven success in leading incident response and conducting thorough risk assessments
- Strong analytical skills, excellent communication skills to champion security across the company, and the drive to operate autonomously and build out a critical function
- Adaptability to apply security principles effectively in a fast-paced, high-growth startup environment
Responsibilities
- Formalize and lead the end-to-end vulnerability management program, implementing appropriate tools, automation, and remediation processes
- Establish and manage our security compliance program, ensuring robust adherence to HIPAA and other relevant standards through policy development, assessments, and audits
- Assess, select, implement, and manage core security infrastructure and tooling tailored to our cloud environment
- Develop and lead Dandy's security incident response capability, ensuring readiness and effective management
- Define, own, and drive the company's security strategy and roadmap, acting as the key security voice to engineering and executive leadership
Preferred Qualifications
- Deep experience within the healthcare technology sector and implementing HIPAA controls
- Proven experience integrating security effectively into CI/CD and DevSecOps workflows
- Strong scripting/automation skills (Python, Go, etc.) for security contexts
- Relevant industry certifications (CISSP, CISM, OSCP, cloud security)
- Experience helping an organization scale its security practices during rapid growth
Benefits
- Healthcare
- Dental
- Parental planning
- Mental health benefits
- A 401(k) plan
- Paid time off