Senior Security Engineer

📋 Description

• • Join Metriport as a Senior Security Engineer and play a pivotal role in safeguarding a leading open-source data intelligence platform that is revolutionizing healthcare data exchange. In this high-impact role, you will be instrumental in building and maintaining robust security infrastructure, ensuring the integrity, confidentiality, and availability of sensitive patient data for millions of individuals across the US. Metriport has achieved significant product-market fit, boasting multi-million ARR, a strong customer base including Strive Health, Circle Medical, and Brightside Health, and substantial backing from top-tier venture capitalists. We are at a critical growth phase, and your expertise will be essential in scaling our operations securely and efficiently.
• • As a Senior Security Engineer, you will be the primary guardian of Metriport's security posture. You will evangelize security best practices across our engineering team, providing guidance, training, and mentorship. Your responsibilities will extend to driving full-stack security projects from inception to successful production rollout. This includes implementing enterprise-grade solutions such as comprehensive audit logging for new national healthcare network infrastructure, and developing fine-grained Role-Based Access Control (RBAC) for API key access and user interfaces.
• • You will be a key contributor to revamping our internal security policies and implementing tools that enhance platform and employee security while maintaining operational efficiency. This involves a proactive approach to identifying and mitigating potential threats, ensuring compliance with healthcare regulations, and fostering a security-first mindset throughout the organization. Your contributions will directly impact our ability to secure and scale our platform, meeting the stringent demands of the healthcare industry.
• • Day-to-day, your role will involve collaborating closely with the engineering team, offering security-focused reviews of code changes (pull requests) to catch vulnerabilities early in the development lifecycle. You will work hand-in-hand with our Go-to-Market team to expertly navigate customer security assessments and questionnaires, building trust and demonstrating our commitment to data protection. Furthermore, you will be instrumental in hardening security across the entire development lifecycle, focusing on critical areas like secret management, access controls, and vulnerability scanning.
• • We operate with a philosophy of "sustainable intensity," encouraging rapid progress while maintaining a strong security foundation. You will manage your own workload effectively using Linear, participate actively in bi-weekly sprint planning and retrospective sessions, and contribute to quarterly planning. While we work hard, we value output and trust our team to manage their time. The only mandatory recurring meeting is a brief, daily 30-minute remote stand-up at 7:30 am PST, Monday through Friday, allowing for maximum focus on impactful work.
• • This role is ideal for an entrepreneurial-minded individual with an "olympian-level" work ethic, passionate about security and eager to take end-to-end ownership of security initiatives. You should be confident in your ability to build scalable systems across the full stack, often serving as the go-to technical advisor for your colleagues. We seek individuals who approach challenges with a "can-do" attitude, unafraid to dive deep into unfamiliar domains. A strong sense of ownership, demonstrated leadership capabilities, and the ability to move quickly without compromising security are paramount. You should be a "hacker at heart," understanding the balance between innovation and adherence to security principles, always questioning how to achieve results faster and more effectively.
• • Your impact will be significant, directly contributing to Metriport's mission of empowering healthcare organizations with real-time data intelligence. By ensuring the security and compliance of our platform, you will enable our customers to provide better patient care and drive innovation in the healthcare ecosystem. This is an opportunity to shape the security strategy of a rapidly growing, well-funded company in a critical industry, working alongside a talented team of former founders and YC alumni.
• • We are committed to a diverse and inclusive workforce, and we welcome individuals from all backgrounds, experiences, perspectives, and abilities. Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression.