Security Engineer
Remote
Full Time Senior-level / Expert USD 160K - 190K
Remo Health
About Remo
Remo is building the new standard of dementia care by fundamentally changing the care journey for individuals living with dementia and their caregivers (the Dyad). As a virtual dementia care provider, our expert clinical team designs personalized, comprehensive care to serve people with dementia and caregiver needs (instead of a one-size-fits-all approach). We empower family caregivers by connecting them with a vibrant community of other caregivers, expert content, and tools to manage the entire dementia journey – from anywhere, at any time. Our mission is simple – to provide accessible, comprehensive, quality dementia care for every person who needs it.
About the Role
You’ll help us build secure-by-default systems, proactively detect and respond to threats, and guide cross-functional teams through best practices in secure development. Whether it’s tuning SAST tooling in CI, securing Next.js applications, running red-team-style tests, or designing cloud IAM policies, you’ll bring clarity, urgency, and expertise.
We’re looking for someone who’s pragmatic, collaborative, and deeply technical—able to both write Terraform and explain the tradeoffs behind an auth flow. If you’re the kind of engineer who spots security debt before it becomes risk and builds trust by improving the developer experience, we want to talk.
What you’ll be doing
Continuously monitor our infrastructure and application surface area for active threats, unauthorized access, potential vulnerabilities or exposures.
Own and evolve our security architecture across GCP, GKE, and AWS, with a focus on Google Assured Workloads.
Review and secure Terraform-based infrastructure changes against CIS benchmarks, HIPAA, HITRUST, and other control frameworks.
Develop response playbooks, lead incident response efforts, and close the loop quickly when issues arise.
Actively respond to and mitigate security incidents in real time.
Run internal red-team-style exercises and simulate real-world attacks to harden our defenses before attackers test them.
Correlate data across logs, traces, and metrics (we use Datadog) to detect anomalies and potential compromise.
Perform continuous penetration testing and active scanning of our infrastructure, networks, and services.
Secure product-layer surfaces by implementing and enforcing security controls across our applications and APIs.
Integrate and monitor security tooling (SAST, IAST, SCA, secrets scanning) into GitHub workflows and CI/CD pipelines.
Collaborate with engineering on secure coding standards, architecture reviews, and threat modeling.
Maintain compliance documentation, conduct internal security audits, and ensure security measures align with business objectives.
You May Be a Good Fit If You
Have 8+ years of experience in cybersecurity engineering.
Have strong knowledge of modern DevSecOps principles.
Are experienced in securing healthcare applications and ePHI, and in working with HIPAA.
Have working knowledge of compliance frameworks such as HIPAA, SOC2, NIST, or ISO 27001.
Have deep hands-on experience with Terraform, GCP, GKE, AWS, and cloud security controls.
Are experienced with SIEM platforms, runtime threat detection, and monitoring workflows.
Are familiar with offensive security, red teaming, and continuous penetration testing.
Have a strong product-layer security mindset—proficient in securing modern web applications.
Are experienced integrating and operationalizing SAST, IAST, SCA, and secrets scanning tools.
Have a proven ability to design, implement, and monitor CI/CD security pipelines, secrets/config management, cloud auth systems, and observability pipelines.
Are experienced deploying, securing, and monitoring APIs in production environments.
Have familiarity with Google Assured Workloads, policy enforcement, and workload isolation.
Have availability to work nights and weekends during unplanned outages or security incidents.
You’re the Ideal Candidate If You Have
Security+, OSCP, CISSP, or CEH certifications—or equivalent real-world experience in threat detection and incident response.
Experience with RAG architectures, Gemini LLM, or securing LLM-powered features.
A background in healthcare security, PHI protection, and compliance frameworks.
Medical
• 100% Company-paid medical premiums for you and your dependents with HSA options
• Dental and vision plans (50% company-paid premium on employee’s dental plan)
• Dependent care FSA
Financial
• 100% 401(k) match of up to 4%
• $80 / month stipend for cell and wifi
Time Off
• 20 days of PTO and 11 paid holidays
• 5 days sick leave
• 16 weeks fully paid parental leave for birthing parents and 8 weeks for non-birthing parents
• Bereavement leave and pregnancy loss leave
Opt-In Ancillary Options:
• Short-term and long-term disability insurance
• Life insurance
• Critical illness, accident, and hospital indemnity insurance
• Pet insurance
• Legal advice
• Identity theft protection
• Doctegrity for you and your family in your household
Remo aims to reduce health inequities by improving access to affordable, high-quality dementia care. Embracing diversity and equal opportunity are core to that mission--these principles shape our culture, the products we build, and the services we deliver. We celebrate a variety of backgrounds, perspectives, and skills, reflecting the diversity of the caregivers and patients we serve.
We use E-Verify to confirm the identity and employment eligibility of all new hires: Participation Poster (PDF), Right to Work Poster (PDF)