This job has expired
This position was posted on February 12, 2026 and is likely no longer accepting applications. We've kept it here for historical reference. Check out the similar jobs below!

Job Overview
Location
Remote
Job Type
Full-time
Category
Security Engineer
Date Posted
February 12, 2026
Full Job Description
đź“‹ Description
- • As a key architect and driver of platform security at OpenEvidence, you will be instrumental in safeguarding the mission-critical infrastructure that powers our groundbreaking medical AI platform. This role offers a unique blend of significant technical scope and direct, tangible impact, with a primary focus on fortifying the security posture, ensuring compliance integrity, and enhancing the resilience of our entire production ecosystem. You will be an integral part of our talented backend team, contributing to the design, architecture, and hardening of our infrastructure.
- • Your responsibilities will encompass the application of defense-in-depth principles to systematically reduce the attack surface across our systems. This includes improving security observability to gain deeper insights into system behavior and establishing robust, multi-layered security controls across all our services and data platforms, which handle highly sensitive medical data.
- • You will be empowered with substantial autonomy to make critical architectural decisions and to spearhead initiatives that span cloud security, identity and access management (IAM), compliance automation, and the secure development of data pipelines at scale. This is an opportunity to shape the security foundation of a rapidly growing healthcare technology company.
- • We are actively seeking a seasoned security expert who not only possesses deep technical knowledge but also thrives in the dynamic and focused environment of a startup. The ideal candidate will be adept at balancing technical rigor with the need for rapid iteration and agile development.
- • You will collaborate directly with engineering leadership to translate complex security and compliance requirements into practical, effective technical solutions. A key aspect of this role is ensuring that security measures enable, rather than impede, development velocity, fostering a culture where security is an enabler of innovation.
- • The ideal candidate will possess a proven track record of successfully securing production systems, particularly within regulated environments. You should have a deep understanding of threat modeling and risk management methodologies, and be energized by the challenge of building healthcare infrastructure that must be both highly innovative and demonstrably secure to meet stringent regulatory and patient trust standards.
- • Key responsibilities include owning and operating Cloud Security Posture Management (CSPM) tooling to continuously monitor, detect, and remediate misconfigurations, vulnerabilities, and compliance violations across our Google Cloud infrastructure. This proactive approach is essential for maintaining a secure and compliant environment.
- • You will manage the technical implementation of critical security controls required for HIPAA and SOC 2 Type II compliance. This involves automating control implementation, streamlining evidence collection processes, and ensuring audit readiness at all times.
- • A significant part of your role will involve configuring and maintaining Web Application Firewalls (WAF) and DDoS protection mechanisms for our customer-facing applications. This includes meticulous rule tuning, proactive monitoring, and swift incident response to safeguard against web-based threats.
- • You will monitor our authentication systems to detect and respond to anomalous access patterns, ensuring that only authorized access is granted and that potential security breaches are identified and mitigated quickly.
- • Improving our enterprise identity and access management (IAM) capabilities is a core objective. This includes enhancing Single Sign-On (SSO) and SCIM integrations, leveraging Google Workspace as our primary Identity Provider (IdP) to streamline user access and security.
- • You will also administer endpoint security measures, including device management policies, the deployment and management of Endpoint Detection and Response (EDR) solutions such as CrowdStrike, and the implementation of security monitoring agents across our endpoints.
- • This role demands a proactive, security-first mindset, combined with the ability to think strategically about long-term security architecture and operational excellence. You will be a guardian of our platform's integrity and a trusted advisor to the engineering team.
🎯 Requirements
- • Bachelor's degree or higher in Computer Science or a related technical field, or equivalent practical experience.
- • Minimum of 4 years of experience in security engineering, with a strong emphasis on cloud infrastructure or platform security.
- • Demonstrated ability to operate independently and effectively in a fast-paced startup environment, managing multiple priorities and delivering results.
- • Proven capability to manage risk, make sound decisions under conditions of ambiguity, and effectively balance security requirements with business velocity and product development goals.
- • Proficiency in scripting or programming languages (e.g., Python, Go, Bash) for security automation, tooling development, and infrastructure as code.
- • Hands-on experience with core cloud security concepts, including Identity and Access Management (IAM), secrets management, network security controls, and security monitoring within a major cloud provider.
- • Moderate proficiency with Google Cloud Platform (GCP) or high proficiency with Amazon Web Services (AWS) or Microsoft Azure, including experience securing containerized (e.g., Kubernetes) and serverless environments.
- • Experience implementing and maintaining security compliance frameworks such as SOC 2, HIPAA, or ISO 27001 in production environments.
- • Familiarity with modern authentication protocols (e.g., OAuth 2.0, SAML, OIDC) and identity providers (e.g., Auth0, Okta, Google Workspace).
- • A solid understanding of web application security principles, including knowledge of the OWASP Top 10, WAF configurations, and common web attack vectors.
🏖️ Benefits
- • Competitive salary and equity package commensurate with experience and the impact of the role.
- • Comprehensive health, dental, and vision insurance plans.
- • Generous paid time off (PTO) and company holidays.
- • Opportunities for professional development, including conferences, training, and certifications.
- • Remote work flexibility with occasional travel to company sites (4-6 times per year) for team collaboration and strategic planning.
- • The chance to work on cutting-edge AI technology in the healthcare sector, making a real difference in patient care and outcomes.
Skills & Technologies
See exactly how your profile matches this role — strengths, skill gaps, and what to do about them.
About Open Evidence
Open Evidence is a technology company specializing in the development of advanced data analysis and evidence management solutions. Their platform is designed to help organizations, particularly in the legal and investigative sectors, to efficiently collect, organize, review, and analyze vast amounts of digital evidence. By leveraging cutting-edge artificial intelligence and machine learning, Open Evidence aims to streamline complex workflows, uncover critical insights, and reduce the time and cost associated with evidence processing. The company focuses on providing secure, scalable, and user-friendly tools that enhance the capabilities of legal professionals, law enforcement agencies, and corporate compliance teams in managing and presenting digital evidence effectively.
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
Similar Opportunities

Aircall Inc.
4 months ago
5 months ago

Cision Ltd.
4 months ago

Oscilar Inc.
2 months ago
