Lead Security Engineer (Medtech)

TL;DR

Lead Security Engineer (Medtech): Define and evolve security architecture across cloud, application, and infrastructure domains with an accent on threat modeling, risk analysis, and secure design principles. Focus on leading complex security investigations, integrating security into the SDLC, and guiding cloud security best practices.

Location: Remote USA

Salary: $180,000.00 - $288,000.00 (San Francisco and Seattle Offices)

Company

hirify.global is the leading prescription savings platform in the U.S., helping Americans find convenient and affordable healthcare by providing access to savings and affordability options for medications.

What you will do

• Define and evolve the security architecture across cloud, application, and infrastructure domains.
• Lead threat modeling and risk analysis for complex systems and new product initiatives.
• Perform enterprise-level risk assessments and translate findings into prioritized remediation roadmaps.
• Lead complex security investigations and incident response efforts.
• Partner with engineering teams to integrate security into the SDLC and improve automation.
• Act as a trusted advisor to engineering leadership, influencing technical decisions and mentoring junior engineers.

Requirements

• 8+ years of cybersecurity or security engineering experience.
• Deep expertise in application security, cloud security (AWS/GCP), and modern DevSecOps practices.
• Prior experience with modern JavaScript frameworks and microservice architecture.
• Demonstrated experience designing and implementing scalable security architectures.
• Strong understanding of SDLC, CI/CD pipelines, and secure development practices.
• Experience conducting enterprise-level risk assessments and incident investigations.
• Excellent written and verbal communication skills.
• Must be based in the USA.

Nice to have

• Experience working in regulated environments (HIPAA, SOC2, PCI).
• Offensive security experience or strong understanding of adversarial techniques.
• Development experience in Python, Rust, or Go.
• Experience with SSO platforms (Okta, SAML) or SIEM/SOC tooling.
• CISSP or equivalent security certification, Cloud security certifications (AWS/GCP), or Certified Kubernetes Administrator.

Culture & Benefits

• Unlimited vacation, 13 paid holidays, and 72 hours of sick leave.
• Medical, dental, and vision insurance with 401(k) company match and an ESPP.
• Mental wellness, financial wellness, fertility, and generous parental leave benefits.
• Committed to growing and empowering an inclusive community, encouraging applications from diverse backgrounds.
• Company-paid short-term and long-term disability, and supplemental life insurance.