Senior Platform & Security Engineer

HLH Holdings LLC dba Highlight Health, Philadelphia, PA

About The Position

Highlight Health is a mission-driven company that protects consumer rights and controls healthcare costs exclusively for self-funded employers and their stop loss carriers. We are a profitable, fast-growing company without private equity investors. We are currently building a sophisticated, proprietary Claims Intelligence Platform — a system of record handling protected health information (PHI) and generating financial recommendations with real-world legal and economic weight. Security, compliance, and platform reliability are not afterthoughts here; they are first-class engineering concerns. We are looking for a Senior Platform and Security Engineer to own the Azure infrastructure, IT operations, and technical implementation of security controls that underpin this platform. This is a hands-on individual contributor role with a potential path toward team leadership as the company grows. You will work closely with the engineering team on platform changes and directly with leadership on SOC 2 Type 2 and HIPAA audit preparation. If you want technical ownership of a platform where the stakes are real and the work is consequential, we would love to hear from you.

Requirements

  • 7–10 years in cloud platform engineering, DevOps, or infrastructure security
  • Hands-on production Azure experience across the full service lifecycle, not just resource provisioning
  • Practical experience implementing technical controls for HIPAA and SOC 2 Type 2
  • Fluent in Entra ID: conditional access, MFA, role assignments, and identity governance
  • Applies appropriate safeguards for protected health information, including PHI-safe logging pipelines, data isolation, and least-privilege access controls
  • Comfortable owning IT operations end-to-end: M365, SaaS administration, and employee access management included
  • Brings a point of view. This role requires someone who assesses the environment, identifies gaps, and recommends a path forward
  • Energized by doing the work. This is a hands-on role with full ownership of the platform and security posture

Nice To Haves

  • Healthcare or regulated industry background is a genuine advantage
  • Comfortable incorporating AI-assisted tools and workflows into day-to-day work to improve speed and quality

Responsibilities

  • Own infrastructure for all Azure resources across development, UAT, and production environments
  • Manage and evolve Azure DevOps pipelines for build, test, and deployment
  • Operate Azure Container Apps, App Service, Service Bus, Azure Database for PostgreSQL Flexible Server, Blob Storage, and supporting services
  • Maintain Azure Key Vault including secrets rotation and enforcement of least-privilege access
  • Configure and tune Application Insights and Log Analytics, including PHI-safe logging pipelines that prevent sensitive data from appearing in telemetry
  • Implement and maintain technical controls in support of SOC 2 Type 2 and HIPAA compliance programs
  • Administer Entra ID including conditional access policies, MFA enforcement, group lifecycle management, and identity governance
  • Partner with leadership on audit preparation, evidence collection, and control documentation
  • Contribute to incident response readiness, including tabletop exercises and runbook development
  • Manage logging and alerting functions through Microsoft Purview and Microsoft Sentinel, including alert tuning, analytics rules, and data connector configuration
  • Maintain and improve the organization’s security posture through vulnerability management, access reviews, and security monitoring
  • Own Office 365 administration, SharePoint configuration, and SaaS tool management for the organization
  • Serve as the internal technical authority on endpoint security, device management, and employee access provisioning
  • Evaluate and onboard new tooling as the company scales, with a bias toward security and operational simplicity