
Lead Security & Compliance Engineer

Job Overview

Location

San Francisco Bay Area

Job Type

Full-time

Category

Security Engineer

Date Posted

March 18, 2026

Full Job Description

📋 Description

  • As the Lead Security & Compliance Engineer at Pathos, you will serve as the foundational security leader responsible for owning the end-to-end security and compliance posture of The Path, protecting highly sensitive, deeply personal user data from sophisticated threats including state-level attackers, while enabling the company to achieve HIPAA and SOC 2 compliance to unlock multi-billion dollar contracts.
  • You will operate at 'massive action' startup speed, partnering closely with product engineering to build impenetrable systems without sacrificing the quality and speed of the core AI product, ensuring that security enables rather than hinders innovation.
  • Day to day, you will own the implementation of cloud security controls across AWS/Azure, including identity and access management, encryption protocols, and secret management systems to safeguard sensitive data at rest and in transit.
  • You will lead the charge toward HIPAA and SOC 2 compliance by designing and executing the necessary technical and procedural controls, managing BAA vendor negotiations, and preparing documentation and evidence for auditors.
  • Within your first 30 days, you will develop a comprehensive, multi-step security and risk-mitigation plan that meets the rigor expected by sophisticated enterprise and government customers, including threat modeling, risk assessments, and remediation roadmaps.
  • You will build and implement automated CI/CD safeguards, rigorous testing protocols, and deployment guardrails that prevent product engineers from accidentally exposing secrets or introducing vulnerable code into production.
  • You will own the strategy for defending against Advanced Persistent Threats (APTs) and state-level actors by organizing and executing external penetration testing, establishing incident response protocols, and continuously monitoring for emerging threats.
  • You will design security architecture with deep empathy for the end user, ensuring that privacy-preserving controls do not degrade the seamless, context-rich AI experience users expect, and finding innovative, code-level solutions to balance security with product functionality.
  • You will partner with product, engineering, and leadership teams to translate complex security requirements into practical, actionable engineering tasks, avoiding security theater and focusing on high-impact, efficient controls.
  • You will step into high-stakes conversations with VCs, government officials, and auditors, articulating complex security architectures and risk models with clarity and credibility to build trust and confidence in Pathos’s security posture.
  • You will mentor and elevate the security awareness of the broader engineering team, fostering a culture where security is everyone’s responsibility and proactive risk mitigation is ingrained in the development lifecycle.

🎯 Requirements

  • Proven expertise in modern cloud security (AWS/Azure), including identity and access management, encryption, and secure configuration management.
  • Direct experience leading HIPAA and SOC 2 compliance efforts at a software or AI company, including audit preparation, control implementation, and BAA negotiations.
  • Demonstrated ability to build and enforce automated CI/CD safeguards, deployment guardrails, and secret management practices that prevent accidental exposure of credentials or vulnerabilities.
  • Experience defending against Advanced Persistent Threats (APTs) and conducting or managing external penetration testing and incident response planning.
  • Strong product-minded approach to security, with ability to innovate technical solutions that protect data without compromising AI-driven user experience.
  • Excellent communication and leadership skills, capable of engaging with executives, auditors, and government officials to convey complex security concepts with authority and clarity.

🏖️ Benefits

  • Opportunity to shape the security and compliance foundation of a high-impact AI startup working with deeply sensitive personal data at scale.
  • Direct influence on unlocking multi-billion dollar enterprise and government contracts through achievement of HIPAA and SOC 2 compliance.
  • Autonomy to operate at startup speed while implementing enterprise-grade security controls without slowing down product innovation.
  • Close collaboration with visionary product and engineering teams solving hard problems at the intersection of AI, privacy, and security.
  • Exposure to high-stakes conversations with VCs, government officials, and auditors, building executive presence and strategic influence.
  • Work in a mission-driven environment where protecting user privacy is not just a requirement but a core value.

Skills & Technologies

AWS
Azure
Senior
Onsite


About Pathos

Pathos is a San Francisco-based biotechnology company developing an AI-enabled precision oncology platform that analyzes tumor genomics, pathology and clinical data to match cancer patients with optimal therapies and accelerate drug development. Its cloud-based software integrates multi-modal patient data, applies machine-learning models to predict treatment response and generates real-world evidence for life-science partners. Founded in 2018, Pathos collaborates with academic medical centers, pharmaceutical companies and diagnostic labs to build large-scale clinico-genomic datasets and advance personalized cancer care.
