Senior Security Engineer

Welcome to Brightline! We are seeking a versatile Senior Security Engineer to join our team and help scale and enhance our security program. This is a key role where you will be responsible for protecting our cloud, product, and corporate environments by engineering and automating security controls. Building upon a strong foundation, you will use your expertise to create secure-by-default patterns, advance our automation capabilities, and elevate our overall security posture.

You are a security professional at heart with a passion for building durable solutions through code and automation. You see the big picture and enjoy working across different security domains, but you prefer to solve problems by engineering scalable systems rather than through manual configuration. You’re looking for a role where you can apply both your broad security knowledge and your deep technical skills to an existing, modern stack.

Responsibilities:

Cloud Infrastructure & Security Controls

• Expand and improve the use of Infrastructure as Code (Terraform) to manage and enforce AWS security controls.
• Implement and audit IAM policies to ensure secure and compliant access.
• Make the secure path the simplest and most intuitive for engineers.

Secrets Management & Incident Readiness

• Own and enhance the organization’s secrets management lifecycle.
• Automate credential rotation to minimize risk exposure.
• Lead incident response readiness drills to ensure organizational preparedness.

Secure Development Lifecycle & Developer Partnerships

• Partner with developers to integrate security more deeply into the product lifecycle.
• Optimize GitHub Advanced Security to detect and prevent vulnerabilities.
• Automate security feedback and controls within the CI/CD pipeline.

Security Architecture & Threat Response

• Define and evolve architectural strategy for security services (Crowdstrike, JAMF, Cloudflare).
• Build API-driven integrations to enable automation and advanced response capabilities.
• Serve as the primary technical liaison with the managed SOC (Deepwatch).
• Ensure integrity of log data into Splunk and translate findings into actionable internal remediation.

Requirements:

• 5+ years of experience in a hands-on security engineering role, ideally within both regulated industries (e.g., healthcare, fintech) and startup environments.
• Strong experience with Infrastructure as Code (Terraform) and a passion for managing security through auditable, repeatable code.
• Deep practical knowledge of AWS security principles and IAM, with experience managing them programmatically.
• Proficiency in a scripting language (e.g., Python) to build security automation and API integrations.
• Solid understanding of application security and experience with tools like GitHub Advanced Security.
• Proven experience enhancing secrets management programs and automating credential lifecycles.
• Familiarity with modern security tools such as EDR (Crowdstrike), WAF (Cloudflare), and JAMF.
• Experience with Okta as an identity platform and Gsuite administration, with an eye toward streamlining both.
• Interest in updating and laying the foundation for future AI integrations and scaling security capabilities across AWS and other technical stacks.
• Comfort operating as a thought leader, selecting the right tooling for scale and advising on enterprise-grade infrastructure.

We Offer Several Benefits, Perks, And Stipends:

• Medical, Dental, Vision, Long-Term Disability, Life Insurance, Flexible Spending Account, and 401k
• 12 Company Holidays + Floating Holidays, Holiday Shutdown, Flexible Time Off, Parental Leave
• Health and Wellness Stipend, Home Office Reimbursement and Professional Development Reimbursement

• Stock Options

At Brightline we have built a total rewards philosophy that includes fair, equitable, competitive, geo-based compensation that is performance and potential based. Our strategy is based on robust market research, including external advisory specializing in national compensation, and thoughtful input from every level of our organization. It is a combination of a cash salary, equity, benefits, wellbeing, and opportunity. In compliance with the Equal Pay for Equal Work Act, the annual base salary range for applicants is $145,000-$170,000.

Our Commitment To Building A Diverse, Equitable, And Inclusive Workforce

At Brightline, we believe that Diversity, Equity, Inclusion, and Belonging are essential to the foundation upon which our mission is built. We are committed to:

• building a future where all families can access inclusive, high-quality care
• creating an environment that encourages our employees to show up authentically, reach their highest potential, and have an equal opportunity to thrive
• systematically evaluating and improving our inherent beliefs, observed behaviors, structures, and systems
• ensuring that every employee, candidate, client, and family we serve is valued and respected

About Brightline

Brightline is a therapy and psychiatry practice that delivers expert pediatric, teen, and parental mental health care to families and kids up to age 18. Brightline’s virtual and in-person outpatient services include diagnostic evaluation, therapy, psychiatry services (e.g. medication management), and psychological testing (to assess learning differences, school readiness, executive functioning difficulties [e.g. ADHD], and autism). In addition to Brightline’s generalized support, we offer focused programs including those that support anxiety, obsessive compulsive disorders, ADHD, and disruptive behaviors. Founded in 2019, Brightline has delivered care to tens of thousands of families with industry-leading results. We’ve been nationally recognized for clinical excellence and innovation for several years — recent awards include the Fast Company 50 Most Innovative Companies (2022) and Behavioral Health Business Companies to Watch Award (2024). Brightline is based in Palo Alto and is backed by investors including Boston Children’s Hospital, Northwell Health, Blue Cross Blue Shield of Massachusetts, Google Ventures, KKR, and Oak HC/FT.