Senior Security Engineer job opportunity at Included Health.

Home Jobs In United States Of America Tag: Security – Cyber Security Senior Security Engineer position at Included Health


bot
Included Health Senior Security Engineer
Experience: 6 Years
Pattern: Remote
Country:
apply Apply Now
Salary:
Status:

Security,Cyber Security

Copy Link Report
degreeBachelor's (B.Sc.)
loacation Remote, United States Of America
loacation Remote....United States Of America

The Senior Security Engineer is a hands-on, high-impact technical role responsible for designing, implementing, and automating robust security controls across our application stack and cloud environments (primarily AWS, with GCP considerations).You will strengthen our end-to-end security posture by proactively identifying and remediating vulnerabilities, developing advanced security solutions across the SDLC through production, and building scalable automation using Python, Go, Terraform, and Tines. Your work will directly contribute to the prevention of unauthorized PHI access and exfiltration, helping us evolve toward a proactive defense model.This is a remote role reporting to the Senior Manager, Security Engineering and plays a critical role in advancing our overall security maturity and resilience.\nResponsibilities:Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production.Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles.Ensure 100% of production access requests and approvals are captured in audit logs.Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning.Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling.Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment.Conduct manual security code reviews for high-risk features and cryptographic implementations.Design, build, and maintain automation for the end-to-end vulnerability management lifecycle.Engineer automated workflows to triage, validate, and assign new vulnerabilitiesDevelop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks.Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks.Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA.Manage the cryptographic key lifecycle and administer key management systemsDesign and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies.Lead the remediation of cloud security findingsImplement and manage a centralized security control planeDesign and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration.Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms.Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike).Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs.Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship.Develop and manage security programs for emerging risks, including SaaS security and AI security.Required Qualifications:6+ years of experience in security engineering, with hands-on expertise in both application security and cloud security (AWS strongly preferred).Strong proficiency in at least one scripting or programming language (Python or Go preferred) for security automation.Demonstrable experience in two or more of the following core areas: 1) Application & SDLC Security, specifically with SAST, DAST, and SCA tools (e.g., Semgrep, Snyk, Burp Suite) and CI/CD automation; 2) Security Automation & Engineering using SOAR platforms (e.g., Tines) and Terraform; 3) Cloud Security (AWS/GCP) with a focus on designing secure cloud-native services (VPCs, IAM, WAF, CSPM); 4) Identity & Encryption, including JIT access controls, PAM, and cryptographic key lifecycles; or 5) Endpoint & Data Security utilizing EDR/XDR, DLP, and MDM solutions.Experience securing containerized environments (Docker, Kubernetes).Previous experience in healthcare, fintech, or other highly regulated industriesExcellent communication skills, with the ability to explain complex security risks to both technical and non-technical stakeholders.Preferred Qualifications:Experience with mobile application security (iOS/Android).Familiarity with AI security principles and governing LLM usage.Experience building or managing a SaaS security (SSPM) program.Background in software development, DevOps, or Site Reliability Engineering.Experience with incident response, threat hunting, and forensics.Relevant security certifications such as: CISSP, GIAC certifications (GWAPT, GPEN, GCIH), AWS Certified Security – Specialty or GCP Professional Cloud Security Engineer, OSCP, CEH, or other offensive security certificationsContributions to open-source security projects or active participation in the security communityPhysical/Cognitive Requirements:Capability to remain seated in a stationary position for prolonged periods.Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.Capability to work with leadership, employees, and members in an appropriate manner.\nPay:The United States new hire base salary target ranges for this full-time position are:Zone A: $128,130 - $180,990+ equity + benefitsZone B: $140,943 - $199,089 + equity + benefitsZone C: $153,756 - $217,188 + equity + benefitsZone D: $166,569 - $235,287 + equity + benefitsThis range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.Starting base salary for you will depend on several job-related factors, unique to each candidate, which may include education; training; skills; years and depth of experience; certifications and licensure; our needs; internal peer equity; organizational considerations; and understanding of geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and great compensation package based on their roles and locations. Your Recruiter can share your geographic zone upon inquiry.Benefits & Perks:In addition to receiving a great compensation package, the compensation package may include, depending on the role, the following and more:Remote-first culture401(k) savings plan through FidelityComprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)Paid Time Off ("PTO") and Discretionary Time Off ("DTO")12 weeks of 100% Paid Parental leaveFamily Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.Work-From-Home reimbursement to support team collaboration home office workYour recruiter will share more about the salary range and benefits package for your role during the hiring process.About Included HealthIncluded Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com. -----Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law.

Other Ai Matches

remote-jobserver Remote
FP&A Business Partner Applicants are expected to have a solid experience in handling Finance – Financial Planning & Analysis related tasks
remote-jobserver Remote
Senior Software Engineer, Backend Applicants are expected to have a solid experience in handling Engineering – Software Engineering related tasks
remote-jobserver Remote
Sr. Director, Consultant Relations Applicants are expected to have a solid experience in handling Growth & Business Excellence – Sales related tasks
Chief of Staff to CEO Applicants are expected to have a solid experience in handling Business Operations – Administrative (Business Operations) related tasks
remote-jobserver Remote
Pediatric Nurse Care Manager Applicants are expected to have a solid experience in handling Clinical Strategy and Services – Clinical Team related tasks
remote-jobserver Remote
Senior Security Engineer Applicants are expected to have a solid experience in handling Security – Cyber Security related tasks
remote-jobserver Remote
Remote Mental Health Therapist Applicants are expected to have a solid experience in handling Clinical & Behavioral Health – General Interest related tasks
remote-jobserver Remote
Staff Product Designer, Growth and Visual Applicants are expected to have a solid experience in handling Product & Design – Design related tasks
remote-jobserver Remote
Accounts Payable Associate Applicants are expected to have a solid experience in handling Finance – Accounting related tasks
Psychiatrist Applicants are expected to have a solid experience in handling Psychiatry related tasks
remote-jobserver Remote
Business Development Representative Applicants are expected to have a solid experience in handling Growth & Business Excellence – Corporate Marketing related tasks
remote-jobserver Remote
Client Security Analyst Applicants are expected to have a solid experience in handling Security – Cyber Security related tasks
remote-jobserver Remote
Enterprise Sales Regional Vice President Applicants are expected to have a solid experience in handling Growth & Business Excellence – Sales related tasks
remote-jobserver Remote
Senior Manager, Business Acceleration - All-Included Care & Navigation Applicants are expected to have a solid experience in handling Growth & Business Excellence – Operations related tasks
remote-jobserver Remote
Manager, Executive Recruiting Applicants are expected to have a solid experience in handling Talent & Organization – Talent Acquisition related tasks
remote-jobserver Remote
Director, Staffing Operations & Vendor Management Applicants are expected to have a solid experience in handling OpsMember Care – Care Operations related tasks
remote-jobserver Remote
Pediatric Nurse Care Manager Applicants are expected to have a solid experience in handling Clinical Strategy and Services – Clinical Team related tasks
remote-jobserver Remote
Pediatric Behavioral Health Nurse Care Manager Applicants are expected to have a solid experience in handling Clinical Strategy and Services – Clinical Team related tasks
remote-jobserver Remote
Software Engineer II, Backend Applicants are expected to have a solid experience in handling Engineering – Software Engineering related tasks
remote-jobserver Remote
Member Care Advocate (MCA) Applicants are expected to have a solid experience in handling OpsMember Care – Member Care related tasks
remote-jobserver Remote
Clinical Quality AI Specialist Applicants are expected to have a solid experience in handling Clinical Strategy and Services – Clinical Strategy and Services related tasks
remote-jobserver Remote
Manager, Business Acceleration - Care Delivery Applicants are expected to have a solid experience in handling Growth & Business Excellence – General Management related tasks
remote-jobserver Remote
Administrative Assistant Applicants are expected to have a solid experience in handling Clinical Strategy and Services – Clinical Strategy and Services related tasks