Staff Security Engineer

Linus Health is a Boston-based digital health company focused on transforming brain health for people across the world. By advancing how we detect and address cognitive and brain disorders – leveraging cutting-edge neuroscience, clinical expertise, and artificial intelligence – our goal is to enable a future where people can live longer, happier, and healthier lives with better brain health.

We are a team of 110+(and growing!), embarking on an exciting period of accelerated growth.  We invite collaborative, self-driven and impact-oriented professionals to join our dynamic and fast-growing team.

Does this sound like an innovative & disruptive start-up where you could see yourself? If so, please continue reading…

The Role:

As a Staff-level Security Engineer, you will spearhead our initiatives to fortify our software and data systems against security threats. A critical aspect of your role will involve collaborating with engineering architects to integrate robust security measures into the architectural designs and development processes of our applications. Your leadership will ensure that security practices are not only implemented but also optimized across all technological facets of our operations. You will be the driving force behind the education of our development teams on secure programming practices, ensuring that our applications are built with the highest security standards from the ground up. By conducting regular security assessments, working with external auditors, and engaging in proactive threat modeling, you will play a pivotal role in maintaining and enhancing our security posture. Your efforts will be instrumental in upholding and surpassing industry benchmarks for health data security, thereby safeguarding our patients' privacy and reinforcing their trust in our commitment to their safety.

What You’ll Do:

• Lead the development and implementation of comprehensive security policies, procedures, and standards to ensure the integrity, confidentiality, and availability of health information.
• Perform risk assessments, security audits, and penetration testing to identify vulnerabilities and ensure compliance with health information privacy laws.
• Design and coordinate with the Cloud team to implement security measures for our cloud-based environments, including encryption, firewalls, detection and prevention systems, and access controls.
• Collaborate with and provide education to software development teams to integrate security practices into the development lifecycle, including secure coding standards, code reviews, and automated security testing.
• Respond to and investigate security incidents, breaches, and vulnerability issues, coordinating with internal teams and external partners as necessary.
• Provide expert guidance on security technologies and best practices to technical and non-technical teams.
• Stay abreast of the latest security threats, trends, and technologies, and assess their implications for our systems and processes.
• Develop and conduct security awareness training programs for employees and stakeholders.
• Interface with the growth team, external customers, and prospects on security reviews and assessments.
• Closely monitor, review and analyze  our system(s) for threats, vulnerabilities, etc and proactively identify and mitigate risks
• Serve as a key point of contact for audit and certification programs, such as SOC 2, HIPAA, GDPR, CCPA, etc.

About You:

Must Haves

• Bachelor’s or Master’s degree in Computer Science, Information Security, or equivalent work experience.
• Minimum of 7+ years of experience in information security, ideally within the healthtech or related industry.
• Strong knowledge of health information privacy laws (e.g., HIPAA) and industry standards (e.g., SOC2, NIST, ISO 27001, HITRUST).
• Experience with security frameworks, risk management, and leading compliance audits.
• Proficiency in security technologies, including encryption, intrusion detection/prevention, network security, and endpoint protection.
• Experience with cloud security architectures and solutions, particularly in AWS, Azure, or Google Cloud, and experience coordinating with Engineering architect teams to implement best practices.
• Excellent problem-solving, analytical, and communication skills.
• Have programming experience  in Javascript, Typescript, Python, or similar language, especially in writing secure code within that language in order to provide guidance to software development teams.

Nice To Haves

• Relevant security certifications (e.g., CISSP, CISM, CEH) are highly desirable.
• Experience undergoing SOC2 and/or HITRUST audits

What We Offer:

• As a brain health company, an opportunity to have a lasting impact on the way people and communities engage with brain and mental health, and even to affect the prognoses of people’s mental and brain health trajectory
• A mission driven environment where all 110+(and counting) employees strive to exemplify our core values every day
• Competitive compensation packages that include an annual discretionary target bonus incentive as well as valuable equity
• Unlimited PTO -- We know this can work both ways, however our leadership team does an excellent job at encouraging people to take PTO
• A sincere and deep appreciation for the importance of mental health: We have recently implemented a “monthly flex day” where employees are encouraged to take time away from work to rest, recharge & reset.
• A peer-to-peer recognition program: Celebrating our employees’ hard work and success is in our DNA!
• Employee Referral Incentive program
• The base salary budgeted for this position is in the $175,000 - 195,000 (USD) range per year. The role will also include an annual discretionary target bonus based on performance as well as company equity. The final offer determined for a candidate who is hired into this position will depend on a number of factors, including, but not limited to, the candidate's relevant skills, professional experience, and labor market conditions, etc.
• A robust healthcare package that includes medical, dental & vision benefits as well as a 401(k) program where Linus will match up to 6% of employee contributions

Linus Health is an equal opportunity employer. All qualified candidates will receive consideration for employment without regard to race, religion, color, national origin, sexual orientation, gender, gender identity or expression, age, genetic information, disability or any characteristic protected by law. We believe that diversity is critical to the growth of our company and understand the importance of fostering an environment where everyone has a voice. We are also committed to providing reasonable accommodations for candidates with disabilities during the recruiting process. If you are in need of assistance due to a disability, please contact us.