Senior Security Engineer

Metriport helps healthcare organizations access, analyze, and exchange patient data in real-time. Our open-source data intelligence platform integrates with all major healthcare IT systems in the US, and taps into comprehensive medical data for 300M+ individuals. Concretely, check out the following resources to learn more about what we actually do:

• Read some customer case studies and our Launch HN post.
• Try out our API & Dashboard products for yourself, for free, in Sandbox mode.
• Scope out our recent feature launches.
• Watch a demo of one of our products.

We are looking for our first security focused engineering hire who will own developing, maintaining, and hardening  security programs for some of the most mission critical and sensitive data in the industry - full longitudinal clinical histories for millions of lives

If you want to do work that matters and has a direct impact on people’s lives, you should consider joining us - there’s a good chance that this will be some of the most fulfilling, interesting, and impactful work you do in your career.

About us

The following points are an assortment of the most relevant bits that will give you the gist of where we’re at, why we’ll win, and our company culture:

• Well funded with a massive recent infusion of capital, found PMF, multi-million ARR, 80+ customers (including Strive Health, Circle Medical, and Brightside Health), funded by top VCs and angels, have years of runway - and we’re just getting started.
• We’re a tight-knit, high performing, and passionate team - we work with a consistent intensity and have become a leader in our industry with a fraction of the resources of our competitors.
• Consistency means we push as hard as humanly possible, while keeping our health and personal lives in check.
• Meaningful work is what gets us out of bed, and we just wouldn’t be satisfied by building yet another CRM company.
• By pedigree, we’re a group of underdogs - we don’t hire based on prestige, but on demonstrated competence and perceived potential.
• We’re engineering heavy, and most of our engineers are former founders (including 2 ex-YC founders).
• We operate as a relatively flat structure with little red tape, forced structure, or bureaucracy. We just opt to get shit done and foster a collaborative environment with high autonomy - our GitHub commit history and product velocity is a testament to this.
• The founders set the pace by working 6 days a week in our SF office, but everyone is given full freedom to craft a schedule that’s best for both the team and themselves - team output is measured.

About you

In a nutshell, we're looking for a security engineer with the following specific qualities:

• You’re entrepreneurial-minded, with an olympian-level work ethic (nearly our entire engineering team consists of former founders).
• You are passionate about security and are excited to own security related projects within the company end-to-end. 
• You are confident in your ability to build scalable systems across the full stack, and people usually come to you for technical guidance.
• You believe you can solve any problem that comes at you, and don't shy away from diving deep into areas where you may lack domain expertise.
• You have a strong sense of ownership over your work, and have demonstrated ability to lead others.
• You know how to move fast - while still maintaining a strong security posture.
• You care more about the end result and delivering value, rather than what new and frilly tech is being used under the hood for a given feature.
• When someone scopes out a project with an ETA of 3 weeks, you ask yourself "why can't it be done in 3 days?".
• You’re a hacker at heart, and have a good sense of what rules should, and shouldn’t, be broken.

What you'll be doing

After quickly ramping up using our comprehensive onboarding materials to get familiar with our domain, product, and codebase, the goal would be to get you shipping product directly to customers as quickly as possible. Specifically, day to day, this looks like:

• Evangelizing security across Metriport’s growing team - we will look to you for guidance, and training.
• Driving full-stack security projects , big and small, end-to-end from ideation to production rollout.These projects could include things like:
  • Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack.
  • Implement fine grained RBAC on the API key access layer, and more robust roles on our UIs.
  • Help us revamp our internal security policies and put tools in place to keep the platform, and employees, secure while still allowing the team to be efficient.
• Helping the engineering team with PR reviews with a security-focused lens.
• Work with the Go to Market team to complete customer security assessments and questionnaires.
• Work with the engineering team to harden security across the development lifecycle - think secret management, access controls, and vulnerability scanning.
• Managing your own work in Linear.
• Participating in bi-weekly sprint planning / retro sessions, and quarterly planning sessions.
• Attending a daily 30 minute remote stand-up at 7:30am PST Mon-Fri (our only regular mandatory meeting).

Requirements

• You have 6+ years experience in security engineering and information security.
• You’re located in San Francisco or the Bay Area (or willing to relocate).
• Familiar with HIPAA compliant environments.
• Experience rolling out and maintaining security frameworks like SOC 2, NIST, HITRUST, FedRAMP, etc.
• Experience rolling out data protection technologies like SSO, MFA, VPN, FIPS, etc.
• Experience with organizational secret management.
• Experience implementing SCA, SAST, DAST in CICD workflows.
• Experience with Mobile Device Management (MDM).
• Proficiency in cloud security & networking on AWS - IAM, WAF, KMS, etc.
• Proficiency in authentication, cryptography, encryption, and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc.
• Bonus: experience with IHE profiles (ATNA, CT, XUA).

Benefits

• Competitive equity + compensation package 🚀
• Salary range: $150,000,00 - $225,000.00
• Full family Platinum health insurance, dental, and vision coverage 🦷
• 401(k) retirement plan + matching 💰
• Flexible work from home or in-office 🏢
• Healthy lunches are complimentary when working in-office (and breakfast + dinners as needed) 🍏
• Quarterly company off-sites with the team ⛷️
• MacBook provided by us 💻
• Unlimited PTO (we work hard, but trust you to take time you need to be at your best) 🧘‍♂️

Our tech

On the frontend, we use React - on the backend, we rely on Node.js and TypeScript for writing core business logic. We deploy a wide range of AWS cloud services (ie ECS, Fargate, Lambda, etc), and manage our infrastructure as code with AWS CDK. Data lives in PostgreSQL, DynamoDB, S3, Snowflake, FHIR servers, and more. We use Oneleet for security and compliance.

Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities.