
Job Overview
Location: Santa Monica, CA
Job Type: Full-time
Category: Security Engineer
Date Posted: March 12, 2026
Full Job Description
📋 Description
- As Pivotal Health's inaugural dedicated security hire, you will be instrumental in architecting and establishing a comprehensive security program from its inception. This pivotal role demands a strategic thinker and hands-on executor who can build robust security foundations for a rapidly growing technology platform.
- You will be responsible for strengthening both platform and infrastructure security, taking the lead in defining the company's security roadmap. This includes identifying and prioritizing the protection of critical company assets, often referred to as "crown jewels," and fostering a secure-by-design culture that permeates throughout the engineering organization.
- This position operates at the crucial intersection of platform engineering, infrastructure management, and security architecture. A key aspect of your role will involve close collaboration with various engineering teams to design and implement secure cloud systems, establish automated guardrails, and develop patterns that enable rapid development without compromising security.
- You will play a significant part in embedding security directly into the core of the platform itself. This involves shaping infrastructure design, defining networking boundaries, optimizing CI/CD workflows, and enhancing developer tooling to ensure security scales seamlessly as the system and user base expand.
- A critical responsibility will be to mature Pivotal's overall security posture, preparing the company for and maintaining compliance with relevant industry standards and regulations. You will ensure that security practices evolve in lockstep with the platform's development and the company's business objectives.
- This is a high-impact role offering substantial ownership and the opportunity to significantly influence the systems, practices, and architecture that safeguard the platform as Pivotal experiences continued growth and scaling.
- You will translate complex regulatory requirements and evolving security risks into pragmatic, actionable engineering solutions. This requires balancing robust protection mechanisms with the need to maintain developer velocity and agility.
- **Define and Evolve Security Architecture:** Take ownership of Pivotal’s security architecture, shaping its long-term vision and establishing foundational patterns and guardrails. Ensure that infrastructure, networking, and services remain secure and resilient as the platform scales.
- **Build Security into the Platform:** Design, implement, and automate security controls, policies, and tooling that are intrinsically integrated into our infrastructure and engineering workflows. The goal is to move beyond manual review processes towards a proactive, automated security model.
- **Own Infrastructure Security and Automation:** Enhance and expand Infrastructure as Code (IaC) practices, particularly with Terraform, to ensure secure, consistent, and auditable infrastructure provisioning across all environments. Deploy and integrate security tooling to bolster detection, prevention, and response capabilities across the entire platform.
- **Lead Cloud and Network Security Design:** Architect secure networking solutions, including VPC configurations, private networking strategies, firewall policies, and edge protection mechanisms. Safeguard internal systems and sensitive customer data effectively. As the platform evolves, extend these security practices to any hybrid or on-premise infrastructure environments.
- **Secure Development Workflows and CI/CD:** Establish and enforce best practices for secure build pipelines, robust dependency management, artifact integrity, and secure software delivery processes. Ensure the entire software development lifecycle is protected.
- **Drive Compliance Readiness and Maturity:** Lead security initiatives crucial for frameworks such as SOC 2 and HIPAA. This includes control design, remediation efforts, audit preparation, and implementing long-term security improvements to meet and exceed regulatory requirements.
- **Translate Compliance to Engineering:** Convert compliance frameworks (e.g., SOC 2, NIST, HIPAA) into actionable engineering tasks and automated controls that integrate seamlessly with developer workflows, minimizing disruption and maximizing efficiency.
- **Technical Point of Contact for Audits:** Serve as the primary technical liaison during audits and security reviews. Confidently represent Pivotal’s security posture to auditors, partners, and customers, demonstrating a strong understanding and command of our security practices.
- **Enhance Monitoring and Visibility:** Design and implement systems that generate meaningful security signals across infrastructure and services. Improve the ability of teams to detect security issues early and respond effectively to incidents.
- **Reduce Security Toil through Automation:** Proactively identify manual or repetitive security tasks and replace them with automated systems, advanced tooling, and strategic infrastructure improvements, freeing up valuable engineering resources.
- **Partner with Engineering Teams:** Act as a trusted technical partner to engineering teams across the company. Assist them in designing secure systems while preserving development speed and a positive developer experience. Function as a "security champion," collaborating with engineering and IT to identify vulnerabilities and implement practical, effective remediation solutions.
- **Raise the Bar for Security Engineering:** Set the technical direction for security engineering at Pivotal. Establish clear security standards and mentor engineers as the platform and security posture mature. Develop guidelines and protocols for the responsible and secure use of emerging technologies, including AI and LLMs, within both product development and internal workflows.
- **Pragmatic Security Solutions:** Champion the development of practical, custom-fit security solutions over relying solely on expensive, potentially over-engineered enterprise tools. Focus on effectiveness and efficiency.
- **Hands-on Leadership:** Embrace operating in a fast-paced environment where you will be responsible for both defining security strategy and executing hands-on technical work to implement it.
Skills & Technologies
About Pivotal Health Inc.
Pivotal Health is a health technology company focused on improving the healthcare experience for patients and providers. They offer a platform designed to streamline administrative tasks, enhance patient engagement, and provide data-driven insights for healthcare organizations. Their solutions aim to reduce costs, improve efficiency, and ultimately lead to better health outcomes. Pivotal Health operates within the digital health and health IT sectors, leveraging technology to address challenges in healthcare delivery and management. The company is committed to innovation and creating a more connected and accessible healthcare ecosystem.



