Security Engineer

Candid Health•Denver, CO

11d

About The Position

We’re fixing one of the most broken and costly pieces of the US healthcare system: medical billing. Today, healthcare providers spend over $250B each year on administrative overhead just to get paid by insurance. Medical billing is expensive because it’s nuanced and hard - maybe ~100x harder than credit card payment processing - and because it’s traditionally done by armies of humans who track and manage complex rules and processes specific to individual insurance companies with little or no supporting software. We’re rethinking medical billing from the ground up, building software backed by best-in-class data science (and, soon, a dash of machine learning) to automate much of this complexity so healthcare providers can get paid dramatically more easily and inexpensively. We were in the Y Combinator W20 batch and have since been well funded by a world-class group of funds (8VC, First Round Capital, BoxGroup) + angel investors. We're now helping our customers treat opioid addiction, provide holistic care for women, lose weight, increase access to mental health care, and much more. This is such important and gratifying work; we can't wait for you to join our team and help support some of the most important innovation happening in healthcare today! The Role We're looking for a Senior Security Engineer who is ready to elevate the safety and security of our systems and networks. You will serve as our guardian, ensuring our platforms are resilient against all threats while meeting compliance requirements. We value a hands-on approach and seek someone who is conversant with the nitty-gritty of security frameworks, while being deeply engaged in strategic and operational security endeavors.

Requirements

You have 4+ years of experience in the security domain, with a proven track record of hands-on involvement in complex projects.
Your expertise isn't just theoretical. You know how to "talk the talk", especially when it comes to the rituals and routines of security compliance.
With strong knowledge of HIPAA, you're no stranger to the delicate information we handle.
You are adaptable and flexible, always ready to engage with security challenges at both enterprise and client levels.
You write code to automate security, you possess the ability to read, understand, and audit systems, networks, and IT setups to ensure airtight security.

Responsibilities

Build Security Guardrails: Build security protections into our systems to ensure a secure by default posture.
Collaborate with Engineering Teams: Participate in design reviews and threat modeling sessions to identify potential security flaws early in the development process, and validate the security of new features and services during rollout ensuring security remains at the forefront of all initiatives.
Implement & Navigate Compliance Rituals: Understand, oversee, and drive the rituals associated with HIPAA, SOC2, SOC1, PCI and HITRUST to ensure that we remain compliant and informed.
Vulnerability Management: Regularly audit our platforms and tech stack for vulnerabilities, ensuring that vulnerabilities are identified and addressed in a timely manner.
Manage Third-party Relationships: Coordinate with vendors for penetration testing and other security services, ensuring that our platforms undergo regular scrutiny and remain fortified, review vendor security prior to integration

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume