Security Operations Engineer

Alaffia Health
New York, NY

About The Position

Alaffia Health is a cutting-edge AI-powered healthtech startup operating at the intersection of clinical intelligence and healthcare cost containment. As a Security Operations Engineer, you will be the operational backbone of our information security program — safeguarding a complex, cloud-native tech stack across a SOC 2 Type II, HIPAA, and HITRUST-certified environment while we pursue ISO/IEC 42001:2023 AI management system certification. This is not a traditional watch-and-react security role. You will architect and drive automation-first security operations: building SOAR playbooks, enforcing infrastructure-as-code security policies, automating compliance workflows, and embedding security throughout our SDLC. You will work closely with engineering, data, and clinical product teams to make security a seamless part of how Alaffia builds and ships — at the speed AI demands.

Requirements

  • 5+ years of hands-on security engineering or operations experience in a cloud-native environment.
  • Proficiency in IAM, RBAC, and privileged access management across cloud and SaaS platforms.
  • Experience with MDM platforms.
  • Solid foundation in vulnerability management — scanning, prioritization, and remediation tracking.
  • Working knowledge of secrets management tools and secure credential lifecycle practices.
  • Hands-on experience with XDR/EDR and SIEM platforms.
  • Familiarity with MITRE ATT&CK, threat hunting methodologies, and IDS/IPS operations.
  • Proven ability to own end-to-end incident response, from triage through post-mortem.
  • Demonstrated experience building security automations (SOAR, scripting, API integrations).
  • Comfort working with IaC tools and integrating policy-as-code into CI/CD pipelines.
  • Ability to write scripts or lightweight tooling in Python, Bash, or similar to eliminate manual toil.
  • Practical understanding of HIPAA, SOC 2, and HITRUST requirements and audit processes.
  • Awareness of AI governance and risk management frameworks (ISO/IEC 42001:2023, NIST AI RMF) — willingness to grow expertise here is essential.
  • Ability to communicate risk and security concepts clearly to both technical and non-technical audiences.
  • Collaborative partner to engineering, product, and clinical teams — not a gatekeeper, but an enabler.
  • Self-directed and comfortable prioritizing in a fast-moving startup environment.

Nice To Haves

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent practical experience.
  • 5+ years of IT/security industry experience; healthcare, cloud, or AI-adjacent environments strongly preferred.
  • One or more relevant certifications valued: CompTIA Security+, CySA+, or CASP+; ISC2 CISSP; ISACA CISM, CISA, or CCSP; AWS Security Specialty or Microsoft AZ-500.
  • Direct experience with CrowdStrike Falcon, Splunk SIEM, or ProofPoint email security.
  • Experience with Addigy (macOS MDM) and/or Microsoft Intune for cross-platform device management.
  • Familiarity with 1Password for Teams/Secrets Automation or HashiCorp Vault.
  • Background in or exposure to healthcare industry security requirements beyond HIPAA (e.g., HITRUST r2 audit participation).
  • Experience contributing to or preparing for ISO/IEC 42001:2023 or NIST AI RMF implementations.
  • Comfort working in software development environments using TypeScript, Python, or Go; Docker/Kubernetes; GitHub; Datadog.
  • Experience with developer security tooling: SAST, DAST, dependency scanning, or secrets detection in CI/CD.
  • Prior involvement in building or maturing a security program at a startup or high-growth company.

Responsibilities

  • Design and operate SOAR workflows to automate detection, triage, and response across our security tooling.
  • Build and maintain IaC security policies and code security analysis pipelines integrated into CI/CD.
  • Automate user provisioning, de-provisioning, and access reviews aligned with RBAC and least-privilege principles.
  • Implement and automate secrets management and rotation using tools like 1Password Secrets Automation and HashiCorp Vault.
  • Develop and enforce data loss prevention (DLP) controls and data labeling workflows.
  • Administer MDM platforms to enforce device compliance, configuration baselines, and security controls.
  • Manage IAM, PLP, and RBAC across cloud and SaaS environments; conduct regular access reviews and certifications.
  • Own the secure onboarding, role-change, and offboarding lifecycle end-to-end.
  • Lead the full security incident response lifecycle — detection through remediation — leveraging CrowdStrike, Splunk, and ProofPoint.
  • Conduct proactive threat hunting and maintain threat intelligence pipelines using the MITRE ATT&CK framework.
  • Manage IDS/IPS monitoring and tune alerting to reduce noise and improve signal fidelity.
  • Automate vulnerability scanning, tracking, and SLA reporting across infrastructure and applications.
  • Support and co-own compliance audits for SOC 2 Type II, HIPAA, and HITRUST; contribute to Alaffia’s ISO/IEC 42001:2023 AI governance certification initiative.
  • Conduct vendor security reviews for new SaaS and AI tool onboarding.
  • Perform annual IT environment audits and manage audit evidence collection.
  • Triage and resolve non-hardware IT support tickets via automation.
  • Collaborate with software engineers to integrate security into the SDLC — including dependency scanning, secrets detection, and container security.
  • Produce security documentation, runbooks, and knowledge-sharing materials to upskill the broader team.