Lead Security Engineer

Curai Health is an AI-powered virtual clinic on a mission to improve access to care at scale. As the pioneer in deploying machine learning into clinical workflows Curai Health enables its dedicated specially trained clinicians to deliver primary care to more people at a fraction of the cost. Easy-to-use and convenient Curai Health partners with insurers and health systems to keep patients engaged in their care over time improving health outcomes and reducing costs.

Our company is remote-first and we consider candidates across the United States. Our corporate office is located in San Francisco.

The Role

We are looking for a hungry and experienced Lead Security Engineer to join our team. This role will report into our engineering organization and take a leading role in supporting security and continuous compliance.  This will also include designing and building tools and service integrations that make governance easier and part of the normal day-to-day engineering work.

Who You Are

None of these individually are hard requirements but they do describe the type of folks that we think would be most effective and happy at Curai. You…

• Are excited to work with a company that values innovation and prioritizes the security of its systems and its clients' data

• Are dedicated to continuous learning and improvement in the field of cybersecurity

• Have a strong orientation to Curai’s mission to make high-quality healthcare accessible to all

• Have worked remotely before or have a strong feeling that you'd work well with a remote team spread across multiple time zones

• Are excited to try things out to validate new features and move on if they no longer solve a problem

• Can work effectively with others

• Are excited about getting on the speeding train that is a growing startup!

• Focus on the end goal and build a practical path to achieve it

• You’re someone who will say something if they see something; arming themselves with what they can do to help

What You’ll Do

• Maintain infrastructure and operational security controls that ensure Curai remains both HIPAA and SOC-2 compliant

• Lead initiatives to establish and implement new frameworks (like HITRUST and NIST)

• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements such as those found in cloud infrastructure security standards like ISO and NIST)

• Conduct regular security and privacy assessments based on changes to Curai’s infrastructure and applications for potential impact.

• Work with engineers to identify the tradeoffs of different solutions and recommend ideal designs that meet the team’s requirements as well as our security requirements

• Manage the execution of penetration tests and coordinate all remediation activities with the rest of the engineering team.

• Implement and maintain core security tooling such as vulnerability and configuration management intrusion detection/prevention systems SIEM tools etc.

• Assist the security team in performing/automating audits security assessments and quarterly access reviews

• Continually evaluate new threats in the cloud to identify the impact on IT and Business to develop and implement security controls

• Provide technical and integration support for Curai’s continuous compliance platform Drata

• Help write and draft policies and programs to support Curai's privacy and security initiatives

What You’ll Need

• 5+ years of experience in a similar role

• A passion for improving infrastructure security operations

• Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in the public cloud (e.g. Amazon Web Services)

• Experience with various AWS security tools such as GuardDuty CloudTrail CloudWatch Inspector etc.

• Hands-on experience in implementing and administering IAM systems like Okta and OneLogin is a plus

• Experience with Datadog is a plus

• Experience with ISO 27001/2 NIST CSF HIPAA/HITECH SOC-2 PCI SOX ITGC or other security frameworks preferred.

• Experience with continuous compliance platforms such as Drata Vanta SecureFrame etc. is a plus.

• Computer science or similar technical degree or equivalent practical experienceStrong analytical and problem-solving skills

• Excellent interpersonal and verbal + written communication skills

• Ability to work and thrive in a fast-paced diverse and multidisciplinary work environment

What We Offer

• Culture: Mission-driven talent with great colleagues committed to living our values collaborating and driving performance

• Pay: Competitive compensation and stock

• Wellness: Unlimited PTO flexible working hours and remote working options

• Benefits: Excellent medical dental vision flex spending plans and paid parental leave

• Financial: 401k plan with employer matching

The annual base salary range for this position is between $180000 and $230000 annually. Stock grants also play a key part in any offer they increase your overall compensation package significantly based on company success. Please note that the base salary range is a guideline and individual total compensation will vary based on qualifications skill level competencies and work location.

Curai Health is a startup with a small but world-class team from high-tech companies AI researchers and practicing physicians to team members from non-traditional career paths and backgrounds. We also have research partnerships with leading universities nationwide and access to medical data that facilitates research in this space. We are a highly collaborative data-driven team focused on delivering our mission with funding from top-tier Silicon Valley investors including Morningside General Catalyst and Khosla Ventures.

At Curai Health we are highly committed to building a diverse and inclusive environment. In keeping with our beliefs and values no employee or applicant will face discrimination or harassment based on race color ancestry national origin religion age gender marital domestic partner status sexual orientation gender identity disability status or veteran status. To promote an equitable and bias-free workplace we set competitive compensation packages for each position and do not negotiate on our offers. We are looking for mission-driven teammates who embody our core values and appreciate our transparent approach.