Senior Security Engineer

At Collective Health, we’re transforming how employers and their people engage with their health benefits by seamlessly integrating cutting-edge technology, compassionate service, and world-class user experience design.

You’ll lead initiatives that address the company’s—and some of our industry’s—most sophisticated and meaningful security engineering challenges. You will build relationships across all parts of the business and drive multi-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment.

What you'll do:

• Secure AI products and internal tools by assessing security and privacy risks
• Conduct secure design reviews and threat modeling to instill security best practices
• Work with cross-functional teams to implement and maintain identity and access management (IAM) policies and controls within our Service-Oriented Architecture
• Design and operate a robust Public Key Infrastructure (PKI) to ensure secure authentication and encryption across the organization's systems
• Develop secure by default infrastructure using technologies such as Terraform and Kubernetes
• Support the vulnerability management program and prioritize vulnerability fixes
• Perform compliance tasks related to security controls, audits, and reporting
• Oversee the weekly organization wide security newsletter
• Be agile to work across multiple security domains and tackle projects that are critical to maintaining risk to the organization

To be successful in this role, you'll need:

• 5+ years as a Security Engineer
• Proven leadership in risk assessment and threat modeling
• Excellent communication for technical concepts to all stakeholders
• Solid grasp of Identity Access Management lifecycle (Okta preferred)
• In-depth knowledge: PKI architecture, CAs, certificate lifecycle tools
• Experience securing cloud (AWS, GCP) and Kubernetes
• Understanding common security flaws (OWASP Top 10, CIS Benchmarks)
• Familiarity with HIPAA, HITRUST, related healthcare data security rules

Pay Transparency Statement 

This is a hybrid position based out of one of our offices: San Francisco, CA, Plano, TX, or Lehi, UT. Hybrid employees are expected to be in the office two days per week.#LI-hybrid 

The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at https://jobs.collectivehealth.com/benefits/.

San Francisco, CA Pay Range$149,350—$187,500 USDLehi, UT Pay Range$119,500—$149,500 USDPlano, TX Pay Range$132,000—$165,000 USD

Why Join Us?

• Mission-driven culture that values innovation, collaboration, and a commitment to excellence in healthcare
• Impactful projects that shape the future of our organization
• Opportunities for professional development through internal mobility opportunities, mentorship programs, and courses tailored to your interests
• Flexible work arrangements and a supportive work-life balance

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Collective Health is committed to providing support to candidates who require reasonable accommodation during the interview process. If you need assistance, please contact recruiting-accommodations@collectivehealth.com.

Privacy Notice

For more information about why we need your data and how we use it, please see our privacy policy: https://collectivehealth.com/privacy-policy/.