Included Health · 21 hours ago
Senior Security Engineer
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. The Senior Security Engineer is responsible for designing, implementing, and automating robust security controls across the application stack and cloud environments, while strengthening the overall security posture by identifying vulnerabilities and developing security solutions.
Health Care, Hospital, Medical, mHealth
Responsibilities
Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production
Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles
Ensure 100% of production access requests and approvals are captured in audit logs
Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning
Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling
Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment
Conduct manual security code reviews for high-risk features and cryptographic implementations
Design, build, and maintain automation for the end-to-end vulnerability management lifecycle
Engineer automated workflows to triage, validate, and assign new vulnerabilities
Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks
Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks
Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA
Manage the cryptographic key lifecycle and administer key management systems
Design and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies
Lead the remediation of cloud security findings
Implement and manage a centralized security control plane
Design and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration
Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms
Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike)
Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs
Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship
Develop and manage security programs for emerging risks, including SaaS security and AI security
Qualifications
Required
6+ years of experience in security engineering, with hands-on expertise in both application security and cloud security (AWS strongly preferred)
Strong proficiency in at least one scripting or programming language (Python or Go preferred) for security automation
Demonstrable experience in two or more of the following core areas: 1) Application & SDLC Security, specifically with SAST, DAST, and SCA tools (e.g., Semgrep, Snyk, Burp Suite) and CI/CD automation; 2) Security Automation & Engineering using SOAR platforms (e.g., Tines) and Terraform; 3) Cloud Security (AWS/GCP) with a focus on designing secure cloud-native services (VPCs, IAM, WAF, CSPM); 4) Identity & Encryption, including JIT access controls, PAM, and cryptographic key lifecycles; or 5) Endpoint & Data Security utilizing EDR/XDR, DLP, and MDM solutions
Experience securing containerized environments (Docker, Kubernetes)
Previous experience in healthcare, fintech, or other highly regulated industries
Excellent communication skills, with the ability to explain complex security risks to both technical and non-technical stakeholders
Preferred
Experience with mobile application security (iOS/Android)
Familiarity with AI security principles and governing LLM usage
Experience building or managing a SaaS security (SSPM) program
Background in software development, DevOps, or Site Reliability Engineering
Experience with incident response, threat hunting, and forensics
Relevant security certifications such as: CISSP, GIAC certifications (GWAPT, GPEN, GCIH), AWS Certified Security – Specialty or GCP Professional Cloud Security Engineer, OSCP, CEH, or other offensive security certifications
Contributions to open-source security projects or active participation in the security community
Benefits
Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
12 weeks of 100% Paid Parental leave
Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
Work-From-Home reimbursement to support team collaboration and home office work
Company
Included Health
Included Health provides a combination of virtual care, navigation, and communities-based healthcare services.
H1B Sponsorship
Included Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (12)
2024 (9)
2023 (8)
2022 (6)
Funding
Current Stage
Late Stage
Total Funding
$344M
Key Investors
The Carlyle Group, Greylock, Venrock
2020-09-09 Series E · $175M
2018-05-02 Series D · $66M
2017-01-01 Series Unknown
Company data provided by Crunchbase