Lead Security Engineer

The Opportunity

Join the team securing the platform that helps millions of people move beyond musculoskeletal pain. As Hinge Health's engineering organization embraces AI-assisted development — including AI-powered code generation, automated PR review workflows, agent sandboxing, and MCP gateway integrations — we need a Lead Security Engineer who will build the security guardrails, tooling, and standards that ensure we ship with confidence. You'll sit at the critical intersection of cloud security, AI-enabled engineering, and identity & access management, partnering closely with Application Security, SRE, and R&D Engineering to design and enforce security-by-design principles across our AWS environment, CI/CD pipelines, and developer tooling. This is your chance to make a real impact on the lives of millions by driving advancements in healthcare security — ensuring utmost compliance and privacy while enabling engineers to move fast and safely.

Candidates must be within commuting distance to New York City

Who You Are

• A Security-First Thinker: You instinctively design systems that are secure by default, and you know how to balance security rigor with engineering velocity.

• An AI-Savvy Engineer: You're energized (not intimidated) by the rapid adoption of AI-assisted development and see it as an opportunity to build novel security frameworks.

• A Trust Builder: You communicate effectively across engineering, compliance, and leadership teams — authoring clear, plain-spoken technical proposals that drive alignment.

• A Learn-it-all: You stay ahead of emerging threats and continuously evolve your approach — from adversarial ML to supply chain attacks on AI pipelines.

• A Leader at All Levels: You're hands-on in code and architecture, but you also mentor others and help the team self-organize around measurable outcomes.

Basic Qualifications

• Bachelor's degree in a technical, engineering, or scientific field — or comparable education/experience

• 3+ years in cybersecurity, with 3+ years focused on security operations or IAM

• 2+ years of experience in cloud security operations, specifically AWS

• 2+ years of coding experience (e.g., Python, Go, or TypeScript) with hands-on experience developing Terraform and infrastructure-as-code

• Hands-on experience securing AI/ML systems, including data pipelines, model deployments, API integrations, and their security challenges

Preferred Qualifications

• AWS Solutions Architect or Security Specialty certification

• AI/ML security certifications or familiarity with adversarial machine learning threats and mitigation strategies

• Experience building or integrating security controls into CI/CD pipelines and AI-assisted development workflows

• Experience managing an Enterprise IdP, especially Okta, with deep understanding of OAuth 2.0 and SAML

• SOC 2, PCI, or HIPAA audit/training certifications

• Knowledge of low-level networking principles

What You'll Accomplish

In your first 3 months:

• Audit current cloud security posture and IAM architecture across our AWS environment; build relationships with key stakeholders in Application Security, SRE, and R&D Engineering.

• Assess existing AI-assisted development tooling (Claude Code, Cursor, MCP gateway) for security risks and begin developing a governance framework.

In your first 6 months:

• Design and implement AI-driven tools and workflows to enhance security monitoring, threat detection, incident response, and IAM governance.

• Develop and enforce policies and protocols to protect AI tools and platforms from misuse, data breaches, and external threats — including secure agent sandboxing and MCP server governance.

• Deliver IAM solutions enabling secure, granular access controls that enforce least privilege principles, utilizing automation and AI for privilege escalation and approvals.

In your first year:

• Own the security strategy for AI-enabled development and cloud infrastructure, acting as the primary subject matter expert for security engineering across the organization.

• Ensure all compliance regulations — including HIPAA, privacy, and relevant security frameworks — are met for new services, AI tooling, and infrastructure.

• Develop and drive cybersecurity initiatives related to incident response, threat intelligence, vulnerability management, and monitoring tools.

• Mentor team members in adopting new security tools and processes; educate the broader organization through knowledge-sharing sessions and author clear technical proposals with measurable security OKRs.

About Hinge Health

At Hinge Health, we're using technology to scale and automate the delivery of healthcare – starting with musculoskeletal (MSK) conditions, which affect over 1.7 billion people worldwide. With an AI-powered human-centered care model, Hinge Health leverages cutting-edge technology to improve outcomes, experiences and costs to help people move beyond their pain. The platform addresses a broad spectrum of MSK care – from acute injury, to chronic pain, to post-surgical rehabilitation – through personalized, evidence-based care. As the preferred partner to 50+ health plans, PBMs and other ecosystem partners, Hinge Health is available to over 20 million people across more than 2,550 employers. The company is headquartered in San Francisco with additional offices in Montreal and Bangalore.

What You'll Love About Us

• Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.

• Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match.

• Modern life stipends: Manage your own learning and development.

Culture & Engagement

Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter. By submitting your application you are acknowledging we are using your personal data as outlined in the personnel and candidate privacy policy.

Beware of Phishing Attempts: We've noticed an increase in phishing where fraudsters impersonate employees and send fake job offers to steal sensitive information. We'll never ask for financial details during the hiring process and only use "@ hingehealth.com " emails. If you receive a suspicious offer, stop communication and report it to the US FBI Internet Crime Complaint Center. To verify an email from our recruiting team, forward it to View email address on click.appcast.io.