Senior Security Engineer - Application Security

Senior Security Engineer - Application Security

New York, NY

About the Role

This is an opportunity to join K's critical InfoSec team as a Senior Security Engineer and operate with foresight in protecting our infrastructure, applications, cloud security, and customer trust. As a lean team, we span across multiple areas such as AppSec, CloudSec, SecOps, ITSec, and Compliance and apply it towards reading and interpreting architecture, or planning and building out net new security solutions. You will have the autonomy to define and implement cutting-edge security solutions across our entire technical ecosystem, ensuring our innovative work remains robust and compliant against evolving global threats. This role is crucial for establishing and maintaining a world-class security posture, particularly within the sensitive and highly regulated healthcare technology space.

This role requires onsite presence in our New York City office 4 days a week and does not provide immigration support.

What You Will Do

• Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC).
• Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience.
• Manage the security posture of K's core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations.
• Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems.
• Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms.
• Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines.

What We're Looking For

• 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security.
• Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities.
• Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines.
• Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field.
• Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders.
• Expertise in compliance, security, and regulatory areas such as; HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
• Flexibility in covering a rotation for critical on-call support responsibilities

Bonus:

• Exploring, partnering and implementing bleeding edge tech not readily available to others.
• Experience with specific tools and tech K uses including but not limited to: Datadog, Sumologic, Torq, flare.io, GCP, Entitle, Okta, Orca, FlowSec, Prisma

Benefits & Perks:

• Hybrid work schedule with weekly lunches and stocked fridges
• Monthly social committees for company events
• 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
• Stock options for every full-time employee
• Paid parental leave
• 401k benefit
• Commuter Benefits
• Competitive health, dental, and vision insurance options

Compensation: $150,000 - $200,000 USD

Who We Are:

Behind every leading health system is K Health's AI-powered virtual care engine.

Esteemed health systems like Mayo Clinic, Cedars-Sinai, Mass General Brigham, Hackensack Meridian Health, and Hartford Healthcare partner with K Health to build and run modern primary virtual care clinics on their behalf.

Our deeply integrated model modernizes the primary care loop by using AI to put humans first. For our patients, we offer clinical AI (i.e., PatientGPT) and unparalleled access to close care gaps around the clock. For our Providers, we deliver provider-serving agentic solutions (i.e., Perfect Note) to eliminate administrative overload and burnout. And for the health systems, we deploy our top-grade Virtualists in AI-powered virtual clinics 24/7 to capture the patients' care journeys at step one, retain the journey through the system for longitudinal care, and strengthen profitability.

We're founded in 2016, headquartered in New York City, and backed by nearly $400 million from leading investors including Valor Equity Partners, Claure Group, Mangrove Capital Partners, 14W, Notable Capital, Lerer Hippeau, Primary Venture Partners, Comcast Ventures, PICO Venture Partners, Max Ventures, and other strategic healthcare partners.

We offer competitive compensation packages based on industry benchmarks for function, level, and geographic location. Offer amounts are determined by multiple factors such as a candidate's experience and expertise.

We are proud to be an Equal Opportunity Employer and consider applicants for employment regardless of race, ethnicity, religion, color, national origin, ancestry, disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, sexual orientation, pregnancy, childbirth and breastfeeding, age, citizenship, military or veteran status, or any other class protected by applicable federal, state, and local laws. We're deeply committed to building teams as diverse as the patients we serve and strive to cultivate an environment where everyone can bring their most authentic self to work. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our users.

We are committed to maintaining the integrity of our hiring process and ensuring a safe environment for all candidates. All communication for job offers from K Health will come from email addresses ending in @khealth.com. K Health will never ask you to provide financial information about yourself during the recruitment process. We will never use personal email accounts or other domains for official correspondence. Our official job postings are only listed on our official website and reputable job boards. Be cautious of job offers from sources other than these platforms.