Apply on Employer Site

Truveta · 20 hours ago

Security Engineer

Seattle, WA

Full-time

Onsite

Mid, Senior Level

$115K/yr - $140K/yr

5+ years exp

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. The Security Engineer will design, implement, and support solutions that ensure data security and compliance, playing a critical role in the company's Digital Workplace strategy.

AnalyticsData ManagementHealth Care

No H1B

Responsibilities

Design, implement, and operate data discovery and classification programs across structured and unstructured data sources

Define and maintain data classification standards, labels, and handling requirements aligned with business and regulatory needs

Deploy, tune, and maintain data security and governance tooling (e.g., Microsoft Purview, DLP, Defender for Cloud Apps, DSPM platforms)

Integrate data discovery, classification, and exposure signals into security and governance workflows

Partner with engineering and data platform teams to embed secure-by-design data governance controls into data pipelines and cloud services

Continuously improve visibility into where sensitive data lives, how it is accessed, and how it is protected

Own and operate vulnerability management efforts with a focus on risks that impact sensitive data

Identify and assess data exposure risks caused by cloud misconfigurations, excessive permissions, insecure APIs, and weak access controls

Correlate vulnerability and exposure data with data sensitivity and business impact to drive risk-based prioritization

Track remediation actions to completion and validate the effectiveness of implemented fixes

Provide clear reporting on vulnerability trends, data exposure risk, and remediation progress

Proactively identify shadow data stores, over-shared resources, and misclassified sensitive data

Monitor and continuously improve data security posture, including access controls, encryption, and data lifecycle protections

Qualification

Security EngineeringData SecurityCloud SecurityVulnerability ManagementData GovernanceData ClassificationAzure Cloud ArchitectureRegulatory ComplianceCommunication SkillsCross-functional CollaborationSelf-starterProblem SolvingTeamworkAttention to DetailAdaptability

Required

Bachelor's degree in Cyber Security, Computer Science, Information Security, Information Systems, or a related field, or equivalent practical experience

5+ years of experience in Security Engineering, Data Security, Cloud Security, Vulnerability Management, or Governance-focused roles

Hands-on experience with data discovery, classification, and governance tools (e.g., Microsoft Purview, DLP, DSPM platforms)

Strong understanding of data security concepts, including classification, encryption, access control, data lifecycle management, and least privilege

Experience operating or contributing to vulnerability management programs, including prioritization and remediation tracking

Solid understanding of Azure cloud architecture, data services, and native security controls

Familiarity with identity and access management (Azure Entra ID, RBAC) as it relates to data access and exposure risk

Knowledge of regulatory and compliance frameworks impacting data security (e.g., SOC 2, HIPAA, GDPR, ISO 27001)

Strong written and verbal communication skills, with the ability to explain data risk to both technical and non-technical stakeholders

Ability to work cross-functionally and influence without direct authority

Relevant certifications such as SC-400 (Information Protection), SC-300, Azure Security Engineer Associate, CISSP, CISM, CCSP, or similar are strongly preferred

Preferred

Ability to be a self-starter and motivated to help Engineering teams understand cyber security best practices

Experience with SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools

Knowledge and experience with information security controls, infrastructure, and implementation techniques

Experience in improving vulnerability remediation requirements

Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)

Experience in securely operating highly distributed systems with published SLAs

Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2, FDA

Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations

Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH

Benefits

Great benefits package

Comprehensive benefits with strong medical, dental and vision insurance plans

401K plan

Professional development & training opportunities for continuous learning

Work/life autonomy via flexible work hours and flexible paid time off

Generous parental leave

Regular team activities (virtual and in-person)

Company

Truveta

Truveta is a healthcare data platform that provides EHR data for scientific research.

Founded in 2020

Bellevue, Washington, USA

201-500 employees

https://www.truveta.com

Funding

Current Stage

Growth Stage

Total Funding

$515M

Key Investors

Microsoft

2025-01-13Series C· $320M

2021-11-09Series Unknown· $100M

2021-09-29Corporate Round

Leadership Team

Terry Myerson

CEO and Co-founder

Jay Nanduri

Chief Technical Officer & Co-Founder

Recent News

GlobeNewswire

Truveta launches Truveta Live Link

2026-01-14

GeekWire

Here’s where Seattle ranks among U.S. cities based on capital raised

2026-01-12

GlobeNewswire

New Truveta research published in JAMA Network Open reveals declining timeliness in childhood MMR vaccination and identifies early predictors of missed immunizations

2026-01-03

Company data provided by crunchbase