Founding Security Reliability Engineer

About Charta Health In an industry where the focus should rightly be on delivering quality care to patients, healthcare providers remain burdened by the complexities of non-clinical operations. Charta is changing that. We’re building the operating system for modern healthcare organizations. Our AI platform streamlines critical workflows across revenue cycle, clinical operations, and administrative functions, helping providers and payers operate more efficiently and deliver better patient care. Backed by Bain Capital Ventures, Charta is on a mission to make every healthcare dollar accountable and every chart accurate, reimagining healthcare infrastructure from the ground up. About the Opportunity Charta Health is seeking a highly motivated and experienced Founding Security Reliability Engineer to design, implement, and maintain the secure, scalable, and resilient infrastructure that underpins our generative AI healthcare solutions. This pivotal role requires a hands‑on engineer who can strategically build out our platform’s security architecture by applying SRE principles: ensuring robust security through automation, meticulous monitoring of security events, proactive threat mitigation, and efficient incident response. You’ll be crucial in engineering security into every layer from day one within a highly regulated healthcare environment. What You’ll Do Engineer Secure & Resilient Infrastructure: Design, develop, and implement highly scalable, resilient, and inherently secure cloud infrastructure and application architectures to support our AI platform and data pipelines, prioritizing security‑by‑design and resilience against attacks. Security Automation & DevSecOps: Lead efforts to automate security controls, infrastructure provisioning, deployment, and operational tasks using tools like Terraform, Ansible, and CI/CD pipelines. Embed automated security gates (SAST, DAST, IaC scanning, secrets detection) and security best practices into every stage of the software development lifecycle. Cloud Security Engineering: Implement and manage security best practices for our cloud environments (primarily AWS), including network security, identity and access management (IAM), data encryption at rest and in transit, secrets management, and secure configuration baselines. Application Security: Partner with development teams to conduct threat modeling, perform security code reviews, and implement secure coding practices. Integrate application security testing tools into CI/CD pipelines and drive vulnerability remediation. Security Reliability Metrics & Incident Response: Define, implement, and monitor key security‑focused metrics (e.g., Mean Time To Detect (MTTD) security incidents, Mean Time To Respond (MTTR) security incidents, vulnerability remediation SLAs) . Design and lead robust incident response plans and procedures for security incidents and breaches, ensuring swift and effective containment, eradication, recovery, and thorough post‑incident analysis (blameless post‑mortems) focused on improving system security and resilience. Security System Engineering & Operations: Oversee the implementation, monitoring, and continuous improvement of critical security systems and technologies, including Security Information and Event Management (SIEM), Cloud Security Posture Management (CSPM), Intrusion Detection/Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), and secrets management solutions. Security Observability & Monitoring: Establish comprehensive monitoring, logging, and alerting systems to provide deep visibility into system health, performance, and critical security events and anomalies. Engineer centralized logging for auditability and forensic capabilities. Vulnerability Management: Establish and manage a comprehensive vulnerability management program, including regular scanning, penetration testing coordination, analysis of findings, and driving timely remediation efforts across infrastructure and applications. Compliance & Regulatory Engineering: Ensure continuous adherence and demonstrable compliance with applicable security laws, regulations, and industry standards relevant to healthcare data and technology (e.g., HIPAA, HITECH, HITRUST, SOC 2, CCPA/CPRA, GDPR) by engineering compliant controls and automated validation. Cross‑Functional Security Collaboration: Partner closely with Engineering, Product, and IT teams to embed security requirements as first‑class citizens into business processes, new projects, and system development lifecycles. Serve as a subject matter expert on security best practices. Security Culture & Training: Champion a strong security‑first culture. Develop and deliver engaging security awareness and secure coding training programs for all employees to promote a security‑conscious and proactive mindset. Strategic Security Planning & Threat Intelligence: Strategically plan for future security needs and technological advancements. Continuously research and integrate the latest security technologies, emerging threats, attack vectors, and threat intelligence to enhance Charta's security program and maintain a strong defensive posture. You’d be a great fit if you have: Experience: 4+ years of progressive experience in Security Engineering, Application Security, Cloud Security, or DevSecOps , with a proven track record of applying SRE principles to solve complex security challenges and build resilient systems. At least 2+ years in a lead or foundational capacity. Cloud Security Expertise: Deep expertise in cloud platforms, especially AWS, with a strong focus on secure configuration, network security, IAM, data encryption, and operationalizing security within services like EC2, S3, RDS, Lambda, EKS/ECS, VPC, CloudWatch, GuardDuty, Security Hub, WAF, KMS, Secrets Manager. Application Security Fundamentals: Solid understanding of common web application vulnerabilities, secure coding practices, and experience with application security testing tools. Containerization & Orchestration Security: Solid understanding and practical experience with container technologies and orchestration platforms, including container security best practices and runtime protection. Security Operations & Tooling: Experience setting up and managing robust security monitoring, logging, and alerting solutions (e.g., SIEM, EDR, IDS/IPS). Ability to build custom tools and integrate security services via APIs. Security Principles & Architecture: In-depth knowledge of security principles, secure system design patterns, network security, application security, cloud security, data protection, and cryptography. Healthcare Compliance: Strong understanding of regulatory compliance requirements in the healthcare industry (e.g., HIPAA, HITECH, HITRUST). Security Frameworks: Experience with established security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Benchmarks, MITRE ATT&CK). Problem‑Solving: Excellent problem‑solving, debugging, and analytical skills with a focus on security incident root cause analysis and proactive threat mitigation. Communication: Strong communication (written and verbal) and interpersonal skills with the ability to effectively collaborate with cross‑functional teams and articulate security risks and solutions clearly. Education: Bachelor's degree in Computer Science, Engineering, Information Security, or a related field; equivalent practical experience will also be considered. What We Offer Competitive salary and comprehensive benefits package, including health, dental, and vision. Equity & growth opportunities in a fast‑growing, innovative tech startup. Ongoing professional development and access to cutting‑edge AI and healthcare tools. Lively, in‑person work culture at our SF Headquarters. $150,000 - $250,000 depending on experience + Equity + Benefits Join us in our mission to transform healthcare through innovation! Our Commitment to Diversity We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. #J-18808-Ljbffr