Security Engineer

Security at Curely AI isn't a checkbox — it's foundational to our mission. We operate in one of the most sensitive data environments in the world, and our customers trust us to protect clinical data at scale. As our Security Engineer, you'll own the technical security program end to end.

Own our security posture across cloud infrastructure, application security, and compliance. Experience with HIPAA, SOC 2, and healthcare security requirements strongly preferred.

Responsibilities

• Own technical security across cloud infrastructure (AWS), application layers, and CI/CD pipelines
• Lead and maintain HIPAA, SOC 2 Type II, and HITRUST compliance programs
• Conduct threat modeling, vulnerability assessments, and penetration testing
• Build security tooling, monitoring, and incident response playbooks
• Review code and architecture for security risks; partner with engineering on secure-by-default practices
• Manage relationships with external auditors, pen testers, and compliance consultants

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field
• 4+ years of security engineering experience in cloud-native environments
• Deep expertise in AWS security (IAM, KMS, GuardDuty, Security Hub)
• Strong knowledge of HIPAA/HITECH technical safeguards and SOC 2 trust criteria
• Experience with application security tooling (SAST, DAST, dependency scanning)
• Security certifications preferred (CISSP, CISM, AWS Security Specialty)

Nice to have

• Experience with healthcare-specific threat models and clinical data security
• HITRUST CSF experience
• Background in zero-trust architecture and secrets management (Vault, AWS Secrets Manager)

Compensation: Competitive salary + equity. Details discussed during the process.