Senior Corporate Security Engineer

Why Charlie Health? Millions of people across the country are navigating mental health conditions, substance use disorders, and eating disorders, but too often, they’re met with barriers to care. From limited local options and long wait times to treatment that lacks personalization, behavioral healthcare can leave people feeling unseen and unsupported. Charlie Health exists to change that. Our mission is to connect the world to life-saving behavioral health treatment. We deliver personalized, virtual care rooted in connection—between clients and clinicians, care teams, loved ones, and the communities that support them. By focusing on people with complex needs, we’re expanding access to meaningful care and driving better outcomes from the comfort of home. As a rapidly growing organization, we're reaching more communities every day and building a team that’s redefining what behavioral health treatment can look like. If you're ready to use your skills to drive lasting change and help more people access the care they deserve, we’d love to meet you. About the Role The Senior Corporate Security Engineer role is responsible for designing, building and operating the technical security systems and controls that protect Charlie Health’s corporate environment, workforce systems, endpoints, SaaS platforms, cloud-connected services and internal operations. This is a senior hands-on security engineering role requiring expertise in enterprise security, identity and access management, endpoint security, SaaS security, data protection, security automation, cloud security and detection engineering. The Corporate Security Engineer will partner closely with IT Engineering, Information Security, Compliance, Engineering and business teams to reduce risk, improve control maturity and support Charlie Health’s continued growth. Our IT and Information Security organizations treat security as an engineering discipline. We value ownership, measurable outcomes, automation, reliability, secure-by-design implementation and continuous improvement. The Corporate Security Engineer will build scalable security capabilities that protect sensitive company, employee, clinician and patient data while enabling the business to move quickly and safely. Charlie Health is also building an AI-native operating model. This role will help secure the enterprise use of AI tools, LLM platforms, AI-enabled workflows and emerging AI security products. The ideal candidate is excited to work with tools and platforms such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and other AI security technologies, while helping define practical controls for safe and responsible AI adoption. Charlie Health operates in a highly regulated healthcare environment. This role will support security controls aligned to HIPAA, SOC 2, NIST, Zero Trust principles and other applicable regulatory and contractual requirements. This role can either be in-office or remote. Responsibilities Security Engineering & Control Design Design, build and operate technical security controls across Charlie Health’s corporate technology environment Engineer scalable security solutions for identity, endpoints, SaaS platforms, cloud-connected services, collaboration tools and internal systems Translate security requirements into reliable technical controls, automations, detections and operational workflows Partner with IT Engineering to embed secure-by-design practices into enterprise systems, integrations and infrastructure Establish control patterns that improve security posture, operational efficiency, auditability and resilience Identity, Access Control & Zero Trust Design and improve identity and access controls across workforce systems, SaaS applications and privileged access workflows Implement and mature controls for MFA, conditional access, device trust, role-based access, least privilege, service accounts and lifecycle automation Partner with IT and business teams to improve joiner, mover, leaver, access review and elevated access processes Help advance Charlie Health’s Zero Trust strategy through identity-centric control design, continuous verification and measurable trust signals Endpoint, SaaS & Cloud Security Engineer and improve security controls across Mac, Windows, mobile and BYOD environments Partner with endpoint engineering teams to improve secure configuration baselines, MDM policy, EDR coverage, device compliance and vulnerability remediation Assess and improve the security posture of corporate SaaS platforms, integrations, APIs and service accounts Configure and operationalize security tooling across platforms such as SentinelOne, Wiz, Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian and related systems Support cloud security visibility and control implementation across AWS and related services, including use of CloudTrail and other telemetry sources Detection, Response & Security Operations Build and improve detections, alerts, dashboards, runbooks and response workflows across corporate security tooling Partner with Expel MDR and internal teams to improve telemetry quality, alert fidelity, investigation workflows and response outcomes Support investigation and response for identity, endpoint, SaaS, email, cloud, data exposure and corporate security events Tune security tools to reduce noise, improve signal quality and increase confidence in control effectiveness Develop repeatable playbooks and operating procedures that improve incident readiness and operational consistency AI Security & Secure AI Adoption Help secure Charlie Health’s use of AI tools, LLM platforms, AI agents and AI-enabled workflows Evaluate and operationalize controls for AI data protection, prompt-layer security, access governance, logging and usage monitoring Partner with IT, Security, Compliance and business teams to define practical security patterns for tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and related platforms Assess risks related to sensitive data exposure, PHI leakage, model access, third-party integrations and AI-enabled automation Stay current on emerging AI security risks, controls and products, and translate relevant developments into practical improvements Data Protection & DLP Design and operate controls that protect PHI, employee data, clinician data and sensitive company information Support DLP strategy across SaaS platforms, endpoints, browsers, collaboration tools, email, cloud services and AI systems Improve visibility into sensitive data movement, sharing patterns and policy violations Partner with Compliance, Legal, IT and business teams to support data protection requirements and reduce operational risk Build automations and reporting that improve DLP response, control monitoring and evidence collection Security Automation & Engineering Practices Build automations that improve security operations, access management, control monitoring, remediation and audit evidence collection Use APIs, scripting, webhooks, workflow platforms and infrastructure-as-code practices to reduce manual work and improve control consistency Develop maintainable security workflows using tools and languages such as Python, Bash, PowerShell, Workato, Terraform, REST APIs and JSON Apply modern engineering practices including version control, code review, documentation, testing and repeatable deployment patterns Identify opportunities to simplify security processes while improving reliability and measurable outcomes Governance, Risk & Compliance Enablement Implement and maintain controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks Support audit evidence collection, control testing, remediation planning and continuous control monitoring Identify security risks, document findings and partner with stakeholders to drive timely remediation Translate compliance and risk requirements into practical engineering solutions that support business operations Help define metrics that measure control health, security posture, operational maturity and risk reduction Required Qualifications 5+ years of experience in security engineering, corporate security, infrastructure security, enterprise security, IT security, cloud security or a related technical discipline Deep hands-on experience designing, building and operating technical security controls in enterprise environments Experience securing identity, endpoints, SaaS platforms, collaboration tools, cloud-connected services and internal systems Strong experience with identity and access management concepts, including MFA, conditional access, privileged access, lifecycle automation, service accounts and least privilege Experience working with security tools such as MDR platforms, EDR, SIEM, cloud security tools, endpoint management tools, vulnerability management tools or DLP systems Experience with security platforms and telemetry sources such as Expel MDR, SentinelOne, Wiz, CloudTrail, Sumo Logic or similar tools Experience with endpoint security, MDM, secure configuration management and vulnerability remediation across Mac, Windows or mobile environments Experience using scripting, APIs or automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON Familiarity with detection engineering, alert tuning, incident response workflows and security operations processes Strong understanding of Zero Trust principles, identity-centric security, least privilege, device trust and secure system design Ability to work cross-functionally with IT, Security, Engineering, Compliance and business stakeholders Strong documentation, ownership, judgment and ability to operate independently in ambiguous environments Preferred Qualifications Experience operating at a Staff Engineer or senior technical leadership level Experience in healthcare, financial services or other regulated environments Experience supporting HIPAA, SOC 2, NIST, ISO 27001 or similar security and compliance frameworks Experience securing enterprise AI tools, LLM platforms, AI agents or AI-enabled workflows Exposure to AI platforms and security tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar or similar technologies Experience with DLP, CASB, SSPM, browser security, SaaS posture management or data discovery tools Experience securing Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian, AWS or similar enterprise platforms Experience building automations using REST APIs, webhooks, JSON, service accounts and API authentication patterns Experience partnering with managed security providers, MDR teams, external auditors or compliance teams Familiarity with AI security risks including sensitive data exposure, prompt injection, model access control, third-party plugin risk and AI system logging Benefits Charlie Health is pleased to offer comprehensive benefits to all full-time employees. Read more about our benefits here. Additional Information The total target base compensation for this role will be between $180,000 and $240,000 per year at the commencement of employment. Please note, pay will be determined on an individualized basis and will be impacted by location, experience, leveling, expertise, internal pay equity, and other relevant business considerations. Further, cash compensation is only part of the total compensation package, which, depending on the position, may include stock options and other Charlie Health-sponsored benefits.

#LI-HYBRID

Our Values Connection: Care deeply & inspire hope. Congruence: Stay curious & heed the evidence. Commitment: Act with urgency & don’t give up. Please do not call our public clinical admissions line in regard to this or any other job posting. Please be cautious of potential recruitment fraud. If you are interested in exploring opportunities at Charlie Health, please go directly to our Careers Page: Charlie Health will never ask you to pay a fee or download software as part of the interview process with our company. In addition, Charlie Health will not ask for your personal banking information until you have signed an offer of employment and completed onboarding paperwork that is provided by our People Operations team. All communications with Charlie Health Talent and People Operations professionals will only be sent from @charliehealth.com email addresses. Legitimate emails will never originate from gmail.com, yahoo.com, or other commercial email services. Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals. At Charlie Health, we value being an Equal Opportunity Employer. We strive to cultivate an environment where individuals can be their authentic selves. Being an Equal Opportunity Employer means every member of our team feels as though they are supported and belong. We value diverse perspectives to help us provide essential mental health and substance use disorder treatments to all young people. Charlie Health applicants are assessed solely on their qualifications for the role, without regard to disability or need for accommodation. By clicking "Submit application" below, you agree to Charlie Health's Privacy Policy and Terms of Service. By submitting your application, you agree to receive SMS messages from Charlie Health regarding your application. Message and data rates may apply. Message frequency varies. You can reply STOP to opt out at any time. For help, reply HELP.