Senior Security Engineer

📋 Description

• • Metriport is seeking a highly motivated and entrepreneurial Senior Security Engineer to join our growing team in San Francisco. As a key member of our engineering-heavy, high-performing culture, you will be instrumental in shaping and safeguarding our open-source data intelligence platform. This role is for an individual who thrives in a fast-paced environment, possesses an olympian-level work ethic, and is passionate about owning security initiatives end-to-end. You will be the go-to expert for security, guiding the team and driving critical projects that ensure the integrity and compliance of our platform, which serves over 300 million individuals' medical data.
• • In this role, you will be responsible for evangelizing security best practices across Metriport's expanding team. This involves providing guidance, conducting training sessions, and fostering a security-first mindset throughout the organization. Your expertise will be crucial in helping engineers understand and implement robust security measures in their daily work. You will be expected to lead by example, demonstrating a deep understanding of security principles and their practical application.
• • You will drive full-stack security projects from conception through to production rollout. These initiatives will be diverse and impactful, ranging from implementing enterprise-grade audit logging solutions for complex national healthcare network infrastructure stacks to enhancing our API access layer with fine-grained Role-Based Access Control (RBAC) and developing more robust roles for our user interfaces. Your work will directly contribute to the security posture and scalability of our platform.
• • A significant part of your role will involve revamping our internal security policies and implementing tools to fortify the platform and protect employees, all while ensuring that the team remains efficient and agile. This includes developing and enforcing policies that align with industry best practices and regulatory requirements, particularly within the healthcare domain.
• • You will collaborate closely with the Go-to-Market team to expertly complete customer security assessments and questionnaires. This requires a thorough understanding of our security controls and the ability to articulate them clearly and concisely to external stakeholders, building trust and facilitating business growth.
• • You will work hand-in-hand with the engineering team to harden security across the entire development lifecycle. This encompasses critical areas such as secure secret management, robust access controls, and the implementation of continuous vulnerability scanning. Your proactive approach will help prevent potential security breaches and ensure the ongoing security of our codebase and infrastructure.
• • You will be expected to manage your own workload efficiently using Linear, ensuring timely delivery of tasks and projects. This includes participating actively in bi-weekly sprint planning and retrospective sessions, as well as quarterly planning meetings, contributing to the team's agile development process.
• • A key aspect of our culture is efficient communication and collaboration. You will attend a daily 30-minute remote stand-up meeting at 7:30 am PST, Monday through Friday. This is our only regularly scheduled mandatory meeting, reflecting our commitment to minimizing unnecessary meetings and maximizing productive work time.
• • You will be empowered to take ownership of your work, diving deep into complex security challenges and developing innovative solutions. We encourage a proactive approach, where you identify potential security risks and implement preventative measures before they become critical issues. Your ability to move fast while maintaining a strong security posture will be highly valued.
• • This role offers a unique opportunity to make a significant impact on a rapidly growing company at the forefront of healthcare data intelligence. You will have the autonomy to define and execute security strategies, working with a talented team of former founders and YC alumni who are passionate about building exceptional products.
• • We believe in hiring based on competence and potential, not just prestige. If you are a hacker at heart, possess a strong sense of ownership, and are driven by the desire to solve challenging problems, this is the role for you. You will be encouraged to question assumptions, challenge the status quo, and find the most efficient and effective ways to achieve security goals, always asking yourself how tasks can be accomplished faster and more effectively.
• • Your contributions will directly influence the security and trustworthiness of Metriport's platform, which is critical for healthcare organizations relying on real-time patient data. You will play a pivotal role in ensuring compliance with stringent healthcare regulations and maintaining the highest standards of data protection for millions of individuals.
• • We are looking for someone who is not afraid to dive into unfamiliar technical areas, learn quickly, and apply their problem-solving skills to a wide range of security challenges. Your confidence in your ability to build scalable systems and your reputation as a technical guide will be essential assets to the team.
• • This role is ideal for an individual who prioritizes delivering value and achieving end results, rather than getting caught up in the specifics of the latest technologies. Your focus will be on building secure, reliable, and efficient solutions that meet the needs of our customers and the business.
• • You will be a critical part of our mission to revolutionize healthcare data exchange, ensuring that our platform is not only innovative but also exceptionally secure and compliant. Your leadership and expertise will be foundational to our continued success and growth.