Founding Security Reliability Engineer

As our Founding Security Reliability Engineer at Charta Health, you'll pioneer the application of Site Reliability Engineering principles to ensure the unwavering security, resilience, and operational excellence of our cutting-edge generative AI platform. This is a unique opportunity to build and scale the foundational security infrastructure that powers our services, with an explicit mission to engineer security directly into every layer, from design through deployment and operations. You'll blend deep security expertise with an SRE mindset, ensuring our systems are not only available and performant but are inherently secure, capable of resisting and rapidly recovering from attacks within a highly regulated healthcare environment.

About Charta Health

At Charta, we're pioneering a transformative approach to healthcare billing through the power of generative AI. Our mission is to revolutionize this critical yet often cumbersome aspect of healthcare, empowering medical billers and coders with tools that elevate their efficiency by leaps and bounds. Our innovative AI technology enables these professionals to operate at an astounding 10x to 100x more efficiently, while significantly reducing operational costs to just 2% of the standard expense.

In an industry where the focus should rightly be on patient care and clinical services, Charta steps in to ensure that healthcare providers are unburdened from the complexities of non-clinical operations. Our cutting-edge solutions are designed to handle the intricacies of the revenue cycle, freeing up healthcare professionals to concentrate on what they do best – caring for patients.

Our vision at Charta is to create a seamless, efficient, and cost-effective billing process that is invisible yet indispensable. By entrusting us with the operational challenges, healthcare providers can redirect their resources and attention towards patient-centric services, secure in the knowledge that their billing needs and highly sensitive data are expertly managed and continuously protected through robust security reliability engineering. Join us in our journey to redefine healthcare billing, and be a part of a team that's making a tangible difference in the world of healthcare.

About the Opportunity

Charta Health is seeking a highly motivated and experienced Founding Security Reliability Engineer to design, implement, and maintain the secure, scalable, and resilient infrastructure that underpins our generative AI healthcare solutions. This pivotal role requires a hands-on engineer who can strategically build out our platform's security architecture by applying SRE principles: ensuring robust security through automation, meticulous monitoring of security events, proactive threat mitigation, and efficient incident response. You'll be crucial in engineering security into every layer from day one within a highly regulated healthcare environment.

What You'll Do

• Engineer Secure & Resilient Infrastructure: Design, develop, and implement highly scalable, resilient, and inherently secure cloud infrastructure and application architectures to support our AI platform and data pipelines, prioritizing security-by-design and resilience against attacks.
• Security Automation & DevSecOps: Lead efforts to automate security controls, infrastructure provisioning, deployment, and operational tasks using tools like Terraform, Ansible, and CI/CD pipelines. Embed automated security gates (SAST, DAST, IaC scanning, secrets detection) and security best practices into every stage of the software development lifecycle.
• Cloud Security Engineering: Implement and manage security best practices for our cloud environments (primarily AWS), including network security, identity and access management (IAM), data encryption at rest and in transit, secrets management, and secure configuration baselines.
• Application Security: Partner with development teams to conduct threat modeling, perform security code reviews, and implement secure coding practices. Integrate application security testing tools into CI/CD pipelines and drive vulnerability remediation.
• Security Reliability Metrics & Incident Response: Define, implement, and monitor key security-focused metrics (e.g., Mean Time To Detect (MTTD) security incidents, Mean Time To Respond (MTTR) security incidents, vulnerability remediation SLAs) . Design and lead robust incident response plans and procedures for security incidents and breaches, ensuring swift and effective containment, eradication, recovery, and thorough post-incident analysis (blameless post-mortems) focused on improving system security and resilience.
• Security System Engineering & Operations: Oversee the implementation, monitoring, and continuous improvement of critical security systems and technologies, including Security Information and Event Management (SIEM), Cloud Security Posture Management (CSPM), Intrusion Detection/Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), and secrets management solutions.
• Security Observability & Monitoring: Establish comprehensive monitoring, logging, and alerting systems to provide deep visibility into system health, performance, and critical security events and anomalies. Engineer centralized logging for auditability and forensic capabilities.
• Vulnerability Management: Establish and manage a comprehensive vulnerability management program, including regular scanning, penetration testing coordination, analysis of findings, and driving timely remediation efforts across infrastructure and applications.
• Compliance & Regulatory Engineering: Ensure continuous adherence and demonstrable compliance with applicable security laws, regulations, and industry standards relevant to healthcare data and technology (e.g., HIPAA, HITECH, HITRUST, SOC 2, CCPA/CPRA, GDPR) by engineering compliant controls and automated validation.
• Cross-Functional Security Collaboration: Partner closely with Engineering, Product, and IT teams to embed security requirements as first-class citizens into business processes, new projects, and system development lifecycles. Serve as a subject matter expert on security best practices.
• Security Culture & Training: Champion a strong security-first culture. Develop and deliver engaging security awareness and secure coding training programs for all employees to promote a security-conscious and proactive mindset.
• Strategic Security Planning & Threat Intelligence: Strategically plan for future security needs and technological advancements. Continuously research and integrate the latest security technologies, emerging threats, attack vectors, and threat intelligence to enhance Charta's security program and maintain a strong defensive posture.

You'd be a great fit if you have:

• Experience: 4+ years of progressive experience in Security Engineering, Application Security, Cloud Security, or DevSecOps , with a proven track record of applying SRE principles to solve complex security challenges and build resilient systems. At least 2+ years in a lead or foundational capacity.
• Cloud Security Expertise: Deep expertise in cloud platforms, especially AWS, with a strong focus on secure configuration, network security, IAM, data encryption, and operationalizing security within services like EC2, S3, RDS, Lambda, EKS/ECS, VPC, CloudWatch, GuardDuty, Security Hub, WAF, KMS, Secrets Manager.
• Application Security Fundamentals: Solid understanding of common web application vulnerabilities, secure coding practices, and experience with application security testing tools.
• Containerization & Orchestration Security: Solid understanding and practical experience with container technologies and orchestration platforms, including container security best practices and runtime protection.
• Security Operations & Tooling: Experience setting up and managing robust security monitoring, logging, and alerting solutions (e.g., SIEM, EDR, IDS/IPS). Ability to build custom tools and integrate security services via APIs.
• Security Principles & Architecture: In-depth knowledge of security principles, secure system design patterns, network security, application security, cloud security, data protection, and cryptography.
• Healthcare Compliance: Strong understanding of regulatory compliance requirements in the healthcare industry (e.g., HIPAA, HITECH, HITRUST).
• Security Frameworks: Experience with established security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Benchmarks, MITRE ATT&CK).
• Problem-Solving: Excellent problem-solving, debugging, and analytical skills with a focus on security incident root cause analysis and proactive threat mitigation.
• Communication: Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and articulate security risks and solutions clearly.
• Education: Bachelor's degree in Computer Science, Engineering, Information Security, or a related field; equivalent practical experience will also be considered.

What We Offer

• Competitive salary and comprehensive benefits package, including health, dental, and vision.
• Equity & growth opportunities in a fast-growing, innovative tech startup.
• Ongoing professional development and access to cutting-edge AI and healthcare tools.
• Lively, in-person work culture at our SF Headquarters.
• $150,000 - $250,000 depending on experience + Equity + Benefits

Join us in our mission to transform healthcare through innovation!

Our Commitment to Diversity

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Interested in applying or learning more? Contact us or send us your résumé at View email address on click.appcast.io.