Senior Security Engineer - Application Security

Khealthcareers · New York, NY
$150K–$200K/yr · Full-time · On-site · 2w ago
Application Security · AWS · Azure · CI/CD · Cloud Security · Compliance

About the role

This is an opportunity to join K's critical InfoSec team as a Senior Security Engineer and operate with foresight in protecting our infrastructure, applications, cloud security, and customer trust. As a lean team, we span multiple areas such as AppSec, CloudSec, SecOps, ITSec, and Compliance, and apply them to reading and interpreting architecture, or planning and building out net new security solutions. You will have the autonomy to define and implement cutting-edge security solutions across our entire technical ecosystem, ensuring our innovative work remains robust and compliant against evolving global threats. This role is crucial for establishing and maintaining a world-class security posture, particularly within the sensitive and highly regulated healthcare technology space.

This role requires onsite presence in our New York City office 4 days a week and does not provide immigration support.

Behind every leading health system is K Health's AI-powered virtual care engine. Esteemed health systems like Mayo Clinic, Cedars-Sinai, Mass General Brigham, Hackensack Meridian Health, and Hartford Healthcare partner with K Health to build and run modern primary virtual care clinics on their behalf. Our deeply integrated model modernizes the primary care loop by using AI to put humans first. For our patients, we offer clinical AI (i.e., PatientGPT) and unparalleled access to close care gaps around the clock. For our Providers, we deliver provider-serving agentic solutions (i.e., Perfect Note) to eliminate administrative overload and burnout. And for the health systems, we deploy our top-grade Virtualists in AI-powered virtual clinics 24/7 to capture the patients' care journeys at step one, retain the journey through the system for longitudinal care, and strengthen profitability.

We were founded in 2016, are headquartered in New York City, and are backed by nearly $400 million from leading investors including Valor Equity Partners, Claure Group, Mangrove Capital Partners, 14W, Notable Capital, Lerer Hippeau, Primary Venture Partners, Comcast Ventures, PICO Venture Partners, Max Ventures, and other strategic healthcare partners.

We offer competitive compensation packages based on industry benchmarks for function, level, and geographic location. Offer amounts are determined by multiple factors such as a candidate's experience and expertise. We are proud to be an Equal Opportunity Employer and consider applicants for employment regard

Responsibilities

  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC).
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience.
  • Manage the security posture of K's core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations.
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems.
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms.
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines.

Requirements

  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security.
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities.
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines.
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field.
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders.
  • Expertise in compliance, security, and regulatory areas such as HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities.

Bonus

  • Exploring, partnering on, and implementing bleeding-edge tech not readily available to others.
  • Experience with specific tools and tech K uses, including but not limited to: Datadog, Sumologic, Torq, flare.io, GCP, Entitle, Okta, Orca, FlowSec, Prisma

Benefits & Perks

  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options

Benefits

  • $150,000 - $200,000 USD
  • Health insurance
  • Dental insurance
  • Vision insurance
  • 401(k)
  • Paid time off
  • Equity / stock options
  • Performance bonus
  • Parental leave
