Senior Security Engineer

Who We Are:

Founded in 2016, K Health's mission is to deliver accessible, high-quality healthcare at scale. As a leading clinical AI company in primary care, K Health has developed a suite of clinical AI agents that enhance provider efficiency and improve patient outcomes. K Health's virtual primary care platform is enhanced by an AI copilot to complete the initial patient intake, summarizing relevant history from the EMR, and generating “the perfect note” to reduce the time providers spend on basic data collection and non-clinical tasks. Unlike other virtual medicine companies, K Health delivers comprehensive, longitudinal primary care in a virtual setting, enabling our clinicians to be true primary care providers without sacrificing scope of practice or continuity of care. 

As a venture-backed startup trusted with nearly $400 million in funding and a $900 million valuation as of July 2024, K Health is well-positioned for sustained future growth. We are expanding our partnerships with major health systems (Cedars-Sinai, Hackensack Meridian Health, Hartford HealthCare), enhancing accessibility and quality of care by pairing people with technology. Our providers are credentialed at these renowned academic health systems and adhere to their clinical guidelines, ensuring patient-first, evidence-based care. Fully integrated into Epic, our AI platform enables K Health to operate as an extension of existing healthcare systems, benefiting from a built-in network of specialists and social services to seamlessly serve patients within those communities. Our unique care delivery model enables our providers to deliver the same high-quality, accessible care to a mixed-payer population, including those with commercial insurance, Medicare, and Medicaid.  

Join us in our mission to deliver smarter, simpler healthcare of the future - today!

About The Role

This is an opportunity to join K's critical InfoSec team as a Senior Security Engineer and operate with foresight in protecting our infrastructure, applications, cloud security, and customer trust. As a lean team, we span across multiple areas such as AppSec, CloudSec, SecOps, ITSec, and Compliance and apply it towards reading and interpreting architecture, or planning and building out net new security solutions. You will have the autonomy to define and implement cutting-edge security solutions across our entire technical ecosystem, ensuring our innovative work remains robust and compliant against evolving global threats. This role is crucial for establishing and maintaining a world-class security posture, particularly within the sensitive and highly regulated healthcare technology space.

What you will do

• Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC).
• Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience.
• Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations.
• Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems.
• Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms.
• Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines.

What we're looking for

• 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security.
• Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities.
• Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines.
• Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field.
• Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders.
• Expertise in compliance, security, and regulatory areas such as; HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc. 
• Flexibility in covering a rotation for critical on-call support responsibilities

Bonus:

• Exploring, partnering and implementing bleeding edge tech not readily available to others.
• Experience with specific tools and tech K uses including but not limited to: Datadog, Sumologic, Torq, flare.io, GCP, Entitle, Okta, Orca, FlowSec, Prisma

Benefits & Perks:  #LI-Hybrid

• Hybrid work schedule with weekly lunches and stocked fridges 
• Monthly social committees for company events
• 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days 
• Stock options for every full-time employee 
• Paid parental leave
• 401k benefit
• Commuter Benefits 
• Competitive health, dental, and vision insurance options 

Compensation:$150,000—$185,000 USD

We offer competitive compensation packages based on industry benchmarks for function, level, and geographic location. Offer amounts are determined by multiple factors such as a candidate's experience and expertise.  

We are proud to be an Equal Opportunity Employer and consider applicants for employment regardless of race, ethnicity, religion, color, national origin, ancestry, disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, sexual orientation, pregnancy, childbirth and breastfeeding, age, citizenship, military or veteran status, or any other class protected by applicable federal, state, and local laws. We’re deeply committed to building teams as diverse as the patients we serve and strive to cultivate an environment where everyone can bring their most authentic self to work. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our users.

We are committed to maintaining the integrity of our hiring process and ensuring a safe environment for all candidates. All communication for job offers from K Health will come from email addresses ending in @khealth.com. K Health will never ask you to provide financial information about yourself during the recruitment process. We will never use personal email accounts or other domains for official correspondence. Our official job postings are only listed on our official website and reputable job boards. Be cautious of job offers from sources other than these platforms.