Lead Engineer - Security

At Fullscript, we’re not just changing healthcare—we’re setting a new standard. We empower over 100,000 healthcare practitioners to serve 10 million patients, giving them the tools to deliver proactive, whole-person care. Our platform is built to redefine wellness, seamlessly combining treatment plans, diagnostics, education, and high-quality supplements—all in one place.
We don’t just support practitioners—we’re fuelling a movement. This is your chance to be part of something bigger. Come build the future of healthcare with us. Let’s make healthcare whole.
Fullscript is looking for an experienced Lead Security Engineer. You will be leading and maturing our efforts in shifting left, delivering better security postures, development standards, and effective risk management. You will join a Security team that’s responsible for DevSecOps, AppSec, GRC, security operations, and incident response. You will have the opportunity to make a difference on a wide array of security challenges and solve interesting problems along the way.

What you'll do:

• Lead and mentor a security engineering team while partnering with teams like Engineering and IT to embed security throughout our development lifecycle.
• Define and implement security best practices, combining practical recommendations with automated guardrails.
• Drive security initiatives and provide technical guidance for infrastructure decisions, ensuring security is considered from design through implementation.
• Establish and optimize security triage processes, including SLAs, severity frameworks, and remediation protocols.
• Review feature designs and technical approaches to ensure features are developed with security in mind.
• Grow and expand our purple team capabilities.
• Sharing your knowledge and expertise with our developer community.

What you bring to the table:

• Demonstrated success mentoring and developing security engineering teams.
• Experience partnering with cross-organizational teams to drive security initiatives.
• Proven ability to translate complex security concepts for diverse technical audiences.
• Track record of building and optimizing security triage processes.
• Hands-on coding experience in at least one modern programming language.
• Understanding of industry frameworks (SOC2, PCI, HIPAA, HITRUST, NIST).

Additional experience we value:

• Background in automation and infrastructure as code (Terraform, CloudFormation).
• Container security and Kubernetes ecosystem security.
• Implementation of cloud security platforms (Wiz) and SIEM solutions.
• Compliance automation and continuous control monitoring (Drata).
• Edge security (WAF).
• Experience securing Ruby on Rails and Javascript applications.
• Experience in securing APIs (GraphQL).
• Experience with pen-test software (Burpsuite).
• Experience with software threat modelling.
• Database security best practices (MySQL, Postgres).
• Experience with security tooling integration in CI/CD pipelines (GitLab, GitHub Actions).
• Advanced Linux/Unix systems security.

What we can offer you:

• Generous PTO and competitive pay.
• Fullscript’s RRSP match program for financial health.
• Flexible benefits package and workplace wellness program.
• Training budget and company-wide learning initiatives.
• Discount on Fullscript catalog of products.
• Ability to work Wherever You Work Well*

This is your chance to do work that matters. If you’re ready to bring your passion, drive, and talent to a company that’s changing the game, we want to hear from you.
🔗 Apply now. Let’s build the future of healthcare—together.
Fullscript is an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive workplace. Accommodations are available on request—email accommodations@fullscript.com for support.
Before joining the team, all candidates who receive and accept an offer will complete a background check.
🚀 More about us: www.fullscript.com | www.rupahealth.com | Follow us on social media @fullscriptHQ🔥 IN THE NEWS: Fullscript acquires Rupa Health.