Staff Security Engineer

Ambience Healthcare•San Francisco, CA

1d•$225,000 - $275,000

About The Position

Ambience runs real-time clinical workflows inside the most security-sensitive health systems in the country. That means security can’t be bolted on, it has to be engineered into the product. As a Staff Security Engineer, you’ll own the systems that protect our platform at scale: application security, cloud security, detection and response, and the security primitives other teams build on. You’ll design guardrails that make the secure path the default, harden our infrastructure against real threats, and partner with engineering to eliminate entire classes of risk. This is a builder role. You’ll write code, design systems, and lead cross-cutting security initiatives that directly enable enterprise trust and customer expansion.

Requirements

7+ years of hands-on experience in security engineering, with deep exposure to securing complex, high-growth technical environments
Staff-level scope: led cross-cutting security initiatives, influenced architecture, and embedded security best practices across teams
Strong software engineering fundamentals (CS degree or equivalent experience); comfortable reading, writing, and modifying production code in Python, Go, TypeScript, or similar
Proven experience in security architecture and systems hardening across applications, infrastructure, and cloud environments
Hands-on with vulnerability management and penetration testing: identifying, prioritizing, and driving remediation of real risks
Experience selecting and extending modern security tools for detection, incident response, automation, and threat monitoring
Strong cloud security background (AWS and/or GCP), including IAM, networking, and secure service design
Collaborative and pragmatic: able to partner with engineers, influence designs early, and explain security tradeoffs clearly

Responsibilities

Application & Platform Security — Design and implement secure-by-default patterns across our backend and infrastructure. Identify and remediate vulnerabilities in application logic, APIs, and data flows.
Cloud & Infrastructure Security — Own security posture across our cloud environment: IAM, network boundaries, secrets management, and secure service-to-service communication.
Detection & Incident Response — Build and operate detection pipelines, alerts, and runbooks. Lead investigations, root cause analysis, and systemic fixes — not just one-off patches.
Security Tooling & Automation — Extend and integrate security tools through code. Automate controls, evidence collection, and remediation to reduce manual work and scale coverage.
Security Architecture & Leadership — Set technical direction for security across teams. Threat model new products, influence designs early, and raise the security bar company-wide.