TL;DR
Staff Security Engineer (AI): Designing and implementing scalable security infrastructure for a virtual clinic, with an emphasis on HIPAA, SOC 2, and ISO 27001 compliance and secure-by-default design patterns. Focus on building self-service security tools, automating policy enforcement, and leading threat modeling for new products.
Location: Hybrid. Must be based in the US. Primarily operating from the New York Metropolitan area, NY, or remotely from San Francisco/Bay Area, CA, Seattle, WA, Boston, MA, Chicago, IL, and Washington, D.C. For NYC, three days a week onsite are required. For other hub cities, quarterly Work Together Days are required.
Salary: $221,000–$260,000 per year.
Company
hirify.global is the world's largest virtual clinic dedicated to making healthcare work for women and families through award-winning digital programs.
What you will do
- Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance.
- Build and maintain systems for identity, authentication, access management, observability, and anomaly detection.
- Create self-service security tools that integrate with developer workflows and automate policy enforcement.
- Lead threat modeling and security architecture reviews for new products and services.
- Partner with product and data teams to embed secure-by-default design patterns and ensure secure data handling.
- Act as a technical authority for security engineering, mentor peers, and champion continuous improvement.
Requirements
- 8+ years of software engineering experience, including 3+ in security infrastructure or application security.
- Proven ability to design and implement large-scale, distributed, cloud-native systems.
- Strong coding proficiency in Python, TypeScript, Go, and/or Rust.
- Deep understanding of cloud security (GCP preferred; AWS/Azure welcome).
- Experience with Kubernetes, containers, and infrastructure-as-code (Terraform).
- Familiarity with security testing frameworks and secure SDLC principles.
- Excellent communication and documentation skills.
- Must be a US-based, full-time employee.
Nice to have
- Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention.
- Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST).
- Familiarity with AI/ML security and AI-assisted analysis tools.
- Certifications such as CISSP, GCP Professional Cloud Security Engineer, or OSCP.
Culture & Benefits
- Flexible hybrid work model with in-office meals and Work Together Days.
- Access to the full Maven platform and specialists, including care for mental health, reproductive health, and pediatrics.
- 16 weeks 100% paid parental leave and new parent stipend (for employees with 1 year+ tenure).
- Annual professional development stipend and access to a personal career coach.
- 401K matching for US-based employees with immediate vesting.