Job
Description
About the Role Were seeking a hands-on and detail-oriented Security and Compliance Engineer to drive security across our applications, infrastructure, and compliance programs-especially in a healthcare environment. This role combines security engineering, DevSecOps, and risk management with a strong focus on application, cloud, AI, and data security. You will work closely with engineering, DevOps, and compliance teams to embed security into the development lifecycle, support regulatory frameworks, and ensure cloud-native environments and AI technologies are secure by design. Responsibilities Conduct web and mobile application penetration testing, vulnerability scanning, and remediation support across our platforms. Integrate DevSecOps practices into CI/CD pipelines, using tools like Snyk, Terraform, and container security scanners. Implement and monitor Cloud Security Posture Management (CSPM) tools such as Wiz to secure cloud configurations and infrastructure. Partner with DevOps to enforce secure provisioning via Infrastructure as Code (IaC). Lead and support compliance initiatives (HIPAA, SOC 2, HITRUST) using platforms like Drata (Compliance-as-a-Service). Design and enhance email gateway security (e.g., Barracuda) and bot protection (e.g., WatchGuard) to defend against phishing and automated threats. Evaluate and secure chatbots and AI systems, addressing risks like prompt injection, data leakage, and model integrity. Drive data security best practices including encryption, data loss prevention (DLP), and classification strategies. Collaborate with engineering to embed security controls in product design and conduct threat modeling, secure code reviews, and architecture reviews. Participate in incident detection, response, and root cause analysis, while ensuring effective logging and monitoring are in place. Maintain security documentation and support audits and third-party assessments. Required Skills & Qualifications 4-6 years of experience in security engineering, compliance, and DevSecOps. Proficiency in web and mobile application security, including OWASP Top 10, SAST/DAST tools, and manual testing with Burp Suite, etc. Strong exposure to DevSecOps workflows, with hands-on experience using tools like Snyk, Terraform, and container security. Deep understanding of HIPAA, SOC 2, and healthcare compliance requirements. Experience with cloud security, preferably on Microsoft Azure, and familiarity with CSPM tools like Wiz. Working knowledge of Drata or similar compliance automation platforms. Exposure to email security gateways, bot protection, and threat detection tools. Familiarity with AI and chatbot security concepts and current risks in the generative AI space. Strong grasp of data security principles-encryption, access controls, data classification, and DLP. Scripting or automation skills in Python, Bash, or equivalent are a plus. Strong written and verbal communication, documentation, and collaboration skills. Nice to Have Certifications like OSCP, CEH, CCSK, CISSP, HCISPP, or similar. Familiarity with tools like KnowBe4, Intune, or Azure AD for identity and endpoint security. Understanding of Zero Trust Architecture, RBAC, and endpoint detection and response (EDR) strategies. Previous experience in a health tech, SaaS, or AI-focused organization. Why Join Us Make a real impact in securing healthcare and AI systems at scale. Collaborate in a high-ownership environment with modern tools and cloud-native practices. Work in a security-forward company that values both innovation and compliance. Flexible work environment and growth opportunities in a fast-paced tech culture.
