Staff Security Engineer

About The Position

Requirements

• Deep Identity Experience: 8+ years of security engineering experience, with a specialized focus on Identity and Access Management (IAM). You are an expert in the mechanics of token infrastructure (JWTs, JWKS, refresh tokens) and B2B federation.
• Customer-Facing Technical Credibility: You have the presence and depth to lead high-stakes technical meetings. You can effectively communicate complex security architectures to external CISOs and architects, establishing immediate trust and authority.
• Compliance Automation: You have successfully automated compliance frameworks (SOC2 Type II, ISO 27001, HIPAA) in a cloud-native environment. You treat compliance as an engineering problem.
• Cloud Security Mastery: Deep hands-on experience securing Google Cloud Platform (GCP) or AWS. You understand IAM roles, VPC Service Controls, and organization-level policies.
• Application Security: You can read and write code (Go, Python, TypeScript). You can perform code reviews, identify complex logic flaws, and write custom security tooling.

Nice To Haves

• Healthcare Experience: Experience handling PHI (Protected Health Information) and understanding the specific security requirements of the HIPAA Security Rule.
• Certifications: CISSP, CCSP, or Google Professional Cloud Security Engineer (valued, but experience trumps paper).

Responsibilities

• Holistic Identity & Token Architecture
• Own the Complete Identity Stack: You will architect the end-to-end identity strategy for the platform. This includes the token management infrastructure (minting, validation, rotation, revocation), session handling, and the rigorous implementation of identity standards (OIDC, SAML 2.0, OAuth 2.0).
• Enterprise Technical Partnership: You will serve as the primary technical voice for Identity during critical pre-sales and onboarding conversations. You will lead technical deep dives with customer security teams, translating their complex legacy requirements into modern, secure integration patterns.
• Frictionless Federation: You will build the architecture for seamless hospital onboarding, automating the provisioning of users via upstream identity signals (SCIM, JIT provisioning) while ensuring Zero Trust principles are maintained.
• Automated Compliance & Governance
• Compliance as Code: You will automate the evidence collection and enforcement of our compliance controls (ISO 27001, SOC2, HIPAA). You will build tooling that continuously monitors our cloud environment (GCP) for drift and auto-remediates violations.
• Audit Leadership: You will serve as the technical lead for external security audits, translating complex auditor requirements into engineering tasks and demonstrating our security posture through automated proofs.
• Platform Security & DevSecOps
• Secure Software Supply Chain: You will secure our CI/CD pipelines, implementing signing (Sigstore/Cosign), vulnerability scanning (SBOM), and secrets management strategies.
• Mentorship & Culture: You will elevate the security consciousness of the organization. You will mentor engineers on common vulnerability patterns (OWASP Top 10) and lead threat modeling sessions for critical new features.

Benefits

• Medical
• Dental
• Vision
• “Use as needed” vacation policy
• participation in our employee option program