Senior Security Engineer

Metriport•San Francisco, CA

1d•Hybrid

About The Position

Metriport is an open-source data intelligence platform that helps healthcare organizations access and exchange patient data in real-time. We integrate with all major US healthcare IT systems and tap into comprehensive medical data for 300+ million individuals. We've found product-market fit with multi-million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, and years of runway. We're ready to scale. We're a tight-knit, high-performing team of mostly former founders (including two YC alumni). We're engineering-heavy, operate with minimal bureaucracy and high autonomy, and hire based on competence, not prestige. We push hard—founders work six days a week from our SF office—but give everyone freedom to craft their schedule. We measure output and we're committed to sustainable intensity. About you In a nutshell, we're looking for a security engineer with the following specific qualities: You’re entrepreneurial-minded, with an olympian-level work ethic (nearly our entire engineering team consists of former founders). You are passionate about security and are excited to own security related projects within the company end-to-end. You are confident in your ability to build scalable systems across the full stack, and people usually come to you for technical guidance. You believe you can solve any problem that comes at you, and don't shy away from diving deep into areas where you may lack domain expertise. You have a strong sense of ownership over your work, and have demonstrated ability to lead others. You know how to move fast - while still maintaining a strong security posture. You care more about the end result and delivering value, rather than what new and frilly tech is being used under the hood for a given feature. When someone scopes out a project with an ETA of 3 weeks, you ask yourself "why can't it be done in 3 days?". You’re a hacker at heart, and have a good sense of what rules should, and shouldn’t, be broken.

Requirements

You have 6+ years experience in security engineering and information security.
You’re located in San Francisco or the Bay Area (or willing to relocate).
Familiar with HIPAA compliant environments.
Experience rolling out and maintaining security frameworks like SOC 2, NIST, HITRUST, FedRAMP, etc.
Experience rolling out data protection technologies like SSO, MFA, VPN, FIPS, etc.
Experience with organizational secret management.
Experience implementing SCA, SAST, DAST in CICD workflows.
Experience with Mobile Device Management (MDM).
Proficiency in cloud security & networking on AWS - IAM, WAF, KMS, etc.
Proficiency in authentication, cryptography, encryption, and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc.

Nice To Haves

Bonus: experience with IHE profiles (ATNA, CT, XUA).

Responsibilities

Evangelizing security across Metriport’s growing team - we will look to you for guidance, and training.
Driving full-stack security projects , big and small, end-to-end from ideation to production rollout.
Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack.
Implement fine grained RBAC on the API key access layer, and more robust roles on our UIs.
Help us revamp our internal security policies and put tools in place to keep the platform, and employees, secure while still allowing the team to be efficient.
Helping the engineering team with PR reviews with a security-focused lens.
Work with the Go to Market team to complete customer security assessments and questionnaires.
Work with the engineering team to harden security across the development lifecycle - think secret management, access controls, and vulnerability scanning.
Managing your own work in Linear.
Participating in bi-weekly sprint planning / retro sessions, and quarterly planning sessions.
Attending a daily 30 minute remote stand-up at 7:30am PST Mon-Fri (our only regular mandatory meeting).

Benefits

Competitive equity + compensation package 🚀
Full family Platinum health insurance, dental, and vision coverage 🦷
401(k) retirement plan + matching 💰
Flexible work from home or in-office 🏢
Healthy lunches are complimentary when working in-office (and breakfast + dinners as needed) 🍏
Quarterly company off-sites with the team ⛷️
MacBook provided by us 💻
Unlimited PTO (we work hard, but trust you to take time you need to be at your best) 🧘‍♂️

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume