Staff, Security Engineer (App & Product Sec)

Sprinter Health•San Francisco, CA

4d•Hybrid

About The Position

We’re looking for a Staff Security Engineer to be Sprinter’s first dedicated security hire and help build the foundation for how security scales across the company. This is a high-ownership role for someone who can operate strategically and hands-on. You’ll define our security roadmap, strengthen our cloud and application security posture, support HIPAA, SOC 2, and HITRUST readiness, and partner closely with engineering, product, IT, legal, operations, and leadership to make security a core part of how we build and operate. As our first security function hire, you will not just execute against an existing program. You’ll help decide what the program should be. That includes designing controls, implementing tools, driving vulnerability management, supporting partner security reviews, improving IAM, embedding security into the SDLC, and helping Sprinter make smart risk decisions as we scale. This role is ideal for someone who wants to build a security function from the ground up in a high-growth, mission-driven healthcare company.

Requirements

Spent 8+ years in security engineering, cloud security, application security, infrastructure security, DevSecOps, or related roles
Built or meaningfully scaled a security function, security program, or major security domain in a high-growth environment
Operated as a senior technical owner for security across engineering, infrastructure, product, IT, and compliance stakeholders
Worked hands-on with cloud security in AWS, GCP, or similar cloud environments
Implemented security controls that support compliance frameworks such as HIPAA, SOC 2, HITRUST, ISO 27001, or similar
Led vulnerability management, penetration testing coordination, remediation workflows, and security assessments
Partnered with engineering teams to embed security into architecture, development, CI/CD, and production operations
Worked with identity and access management systems such as Okta, Auth0, SSO, MFA, RBAC, or related tooling
Evaluated, selected, or implemented security tools such as SIEM, DAST, vulnerability scanners, CSPM, endpoint security, or monitoring platforms
Used scripting or infrastructure-as-code tools such as Python, Bash, Terraform, or similar to automate security workflows
Communicated security risks, tradeoffs, and priorities clearly to technical and non-technical stakeholders
Made practical risk decisions in environments where speed, ambiguity, compliance, and security all matter

Nice To Haves

You’ve been the first security hire or an early security leader at a startup
You’ve built security programs in healthcare, fintech, insurance, logistics, marketplace, or other regulated or operationally complex environments
You have deep experience with HIPAA, SOC 2, HITRUST, or healthcare security and privacy requirements
You’ve supported customer, partner, or enterprise security reviews in a B2B or healthcare environment
You’ve helped prepare for or lead security audits and compliance assessments
You have experience with AI security, including secure AI application development, model risk, data privacy, adversarial risk, or AI governance
You’ve worked closely with product and engineering teams to make security usable, scalable, and developer-friendly
You have experience with container security, Kubernetes, network security, endpoint security, or encryption standards
You hold certifications such as CISSP, CISM, AWS Certified Security Specialty, CEH, or similar

Responsibilities

Build and lead Sprinter’s security program as the company’s first dedicated security hire
Define and execute a practical security roadmap across cloud infrastructure, application security, compliance, identity, vendor risk, and incident readiness
Design, implement, and maintain security controls that support HIPAA, SOC 2, and HITRUST requirements
Partner with legal, product, IT, engineering, and operations teams to ensure ongoing audit readiness and compliance maturity
Improve security across AWS and GCP environments, including IAM, networking, encryption, secrets management, and cloud-native application security
Evaluate and implement security tooling for vulnerability management, cloud security posture management, security monitoring, DAST, and related needs
Lead vulnerability management efforts across applications, infrastructure, cloud environments, and third-party systems
Coordinate penetration testing efforts, work with external security partners, and drive remediation with engineering teams
Embed security into the software development lifecycle through secure design reviews, CI/CD checks, developer guidance, and pragmatic security standards
Own or support partner, customer, and vendor security reviews, including questionnaires, risk assessments, and remediation planning
Strengthen identity and access management across internal systems, applications, and cloud environments
Develop clear security policies, procedures, documentation, and reporting for internal teams and senior leadership
Advise on AI security best practices as Sprinter adopts and builds AI-enabled systems, including data handling, model risk, application security, and privacy controls
Build strong working relationships across teams so security is viewed as a partner to the business, not a blocker

Benefits

Meaningful pre-IPO equity
Medical, dental, and vision plans 100% paid for you and your dependents
Flexible PTO + 10 paid holidays per year
401(k) with match
16-week parental leave policy for birthing parent, 8 weeks for all other parents
HSA + FSA contributions
Life insurance, plus short and long-term disability coverage
Free daily lunch in-office
Annual learning stipend
Relocation assistance