Staff Security Engineer

Pivotal Health, Los Angeles, CA
6d

About The Position

About Pivotal Health

Pivotal Health is the leading technology platform that helps healthcare providers get paid fairly in an increasingly complex reimbursement landscape. Today, many providers face persistent underpayment from health insurance companies, despite delivering high-quality care. While processes like IDR (Independent Dispute Resolution) were designed to promote fairness, they’re often administrative-heavy, time-consuming, and difficult to navigate without the right tools.

Pivotal Health combines software, data, and service into a seamlessly integrated, AI-driven platform that simplifies these complex reimbursement workflows. We help providers efficiently dispute underpaid claims, reduce administrative burden, and recover the reimbursement they’re entitled to, without adding more work to already stretched teams. Our full-service IDR solution is just the starting point. We’re building solutions that enable providers to operate with clarity, control, and confidence across the reimbursement journey.

About the Role

As Pivotal’s first dedicated security hire, you will play a critical role in architecting and building our security program from the ground up. In addition to strengthening platform and infrastructure security, you will help establish the security roadmap, identify and prioritize protection of the company’s “crown jewels,” and embed a secure-by-design culture across engineering.

This role sits at the intersection of platform engineering, infrastructure, and security architecture. You’ll partner closely with engineering teams to design secure cloud systems, implement automated guardrails, and establish patterns that allow teams to move quickly without compromising security. You’ll help define how security is embedded directly into the platform itself - shaping infrastructure design, networking boundaries, CI/CD workflows, and developer tooling so security scales naturally as the system grows.

You’ll also play a key role in maturing Pivotal’s security posture as we prepare for and maintain compliance while ensuring security practices evolve alongside the platform and the business. This is a high-impact role with meaningful ownership. You’ll help shape the systems, practices, and architecture that protect the platform as Pivotal continues to scale. You will also help translate regulatory requirements and evolving security risks into pragmatic engineering solutions that balance strong protection with developer velocity.

Requirements

  • 8+ years of experience building and securing cloud infrastructure, platform systems, or developer tooling
  • Strong experience designing and operating secure cloud-native systems (AWS or GCP; GCP preferred)
  • Deep hands-on experience with Infrastructure as Code, particularly Terraform
  • Strong understanding of cloud networking and secure architecture (VPCs, private networking, routing, firewall policies)
  • Experience securing CI/CD pipelines and modern software delivery systems
  • Experience implementing secrets management and security controls across cloud environments
  • Experience contributing to or leading security and compliance audits (SOC 2, HIPAA, ISO, NIST, or similar)
  • Strong engineering fundamentals with the ability to explain security architecture and tradeoffs clearly to technical teams
  • Strong computer science or software engineering foundation with the ability to communicate effectively “engineer-to-engineer.”
  • Familiarity with common security frameworks and principles such as the OWASP Top 10, OSI model, and modern cloud security practices.
  • Experience participating in or supporting penetration testing, offensive security exercises, or vulnerability remediation efforts.
  • You prefer pragmatic, custom-fit solutions over "buying your way out" of a problem with expensive, bloated enterprise tools.
  • You are comfortable operating in a fast-moving environment where you may be both defining the strategy and executing hands-on technical work.

Nice To Haves

  • Experience implementing code scanning or security testing tools (SAST, DAST, dependency scanning)
  • Familiarity with endpoint security technologies such as EDR or MDR
  • Experience with penetration testing methodologies or offensive security tooling
  • Experience building or scaling security programs within early-stage or high-growth engineering organizations

Responsibilities

  • Define and evolve Pivotal’s security architecture: Help shape the long-term security architecture of the platform, establishing patterns and guardrails that ensure infrastructure, networking, and services remain secure as the system scales.
  • Build security directly into the platform: Design and implement automated controls, policies, and tooling that embed security into our infrastructure and engineering workflows rather than relying on manual review processes.
  • Own infrastructure security and automation: Expand and strengthen Infrastructure as Code practices using Terraform to ensure infrastructure is provisioned securely, consistently, and auditably across environments. Where necessary, deploy and integrate security tooling that strengthens our detection, prevention, and response capabilities across the platform.
  • Lead cloud and network security design: Design secure networking architectures including VPC configuration, private networking, firewall policies, and edge protections that safeguard internal systems and customer data. Over time, help extend security practices to any hybrid or on-premise infrastructure environments as the platform evolves.
  • Secure development workflows and CI/CD systems: Establish best practices for secure build pipelines, dependency management, artifact integrity, and secure software delivery.
  • Drive compliance readiness and regulatory maturity: Lead security initiatives required for frameworks such as SOC 2 and HIPAA, including control design, remediation work, audit preparation, and long-term security improvements. Translate compliance frameworks (SOC 2, NIST, HIPAA) into actionable engineering tasks and automated controls that integrate smoothly with developer workflows. Act as a primary technical point of contact during audits and security reviews, confidently representing Pivotal’s security posture to auditors, partners, or customers when needed.
  • Improve monitoring, detection, and operational visibility: Design systems that surface meaningful security signals across infrastructure and services, helping teams detect issues earlier and respond effectively.
  • Reduce security toil through automation: Identify manual or repetitive security work and replace it with automated systems, tooling, and infrastructure improvements.
  • Partner with engineering teams across the company: Operate as a technical partner to engineering teams, helping them design secure systems while preserving speed and developer experience. Serve as a “security champion” within the organization — collaborating with engineering and IT teams to identify vulnerabilities and work together on practical remediation solutions.
  • Raise the bar for security engineering at Pivotal: Set technical direction, establish security standards, and mentor engineers as we continue to mature our platform and security posture. Develop guidelines and protocols for the responsible and secure use of emerging technologies, including AI and LLMs, within both our product and internal workflows.

Benefits

  • Competitive compensation, including equity
  • Full health, dental, and vision coverage
  • Retirement savings plan through 401(k)
  • Flexible time off
  • Opportunities for company-wide connection and events