Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.
Salary not listed
On-site4+ YOESecurity Engineering
About the role
Responsibilities
Own compliance programs end to end (SOC 2 Type II, HIPAA, and HITRUST) from readiness through audit and continuous monitoring.
Build and run the customer trust function (security questionnaires, RFPs, due diligence, and our trust center).
Stand up and administer compliance automation, turning evidence collection and control monitoring into a continuous, low-toil system.
Author security policies, run security-awareness training, and drive access reviews and audit readiness across the company.
Partner with engineering and legal to translate framework and customer requirements into concrete controls, and coordinate external auditors and penetration-testing firms.
Own the risk register and give leadership clear, honest visibility into our security and compliance posture.
Requirements
Typically 4–7 years in GRC, security compliance, or security program management, with a track record of running audits end to end.
Hands-on experience with SOC 2 and HIPAA.
Experience in a regulated, high-growth environment — ideally healthcare or another domain with serious data-handling obligations.
Fluency with compliance automation tooling and enough technical literacy to work credibly with engineers on cloud, identity, and logging controls.
Experience owning customer-facing security with enterprise buyers: questionnaires, trust centers, and due diligence.
Strong written and verbal communication.
Track record of moving quickly, finding shortcuts, and going to unreasonable lengths to deliver on goals.
High NPS with your former teammates.
Nice-to-Haves
HITRUST experience.
Track record of standing up a new framework from scratch.
Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.
245k – 285k
HybridSecurity Engineering
Application Security Engineer
ZocdocUnited States
Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.
100k – 140k
RemoteSecurity Engineering
Detection & Mitigation Engineer
CloudflareUnited States
Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.
Salary not listed
HybridSecurity Engineering
Security & Compliance Operations Manager
MintlifySan Francisco, CA
Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.
120k – 180k
On-site3+ YOESecurity Engineering
Red Team Engineer, Safeguards
AnthropicSan Francisco, CA
Red Team Engineer on Anthropic's Safeguards team performing adversarial testing and full kill-chain attacks on AI products to uncover vulnerabilities, jailbreaks, and novel abuse vectors before malicious exploitation. Requires strong pen-testing, red teaming, and LLM-specific security experience.