
Staff, Security Engineer (App & Product Sec)

235k – 300k | San Francisco, CA | Menlo Park, CA | Security Engineering | Hybrid | 8+ YOE
Summary

Leads the security program as the first dedicated hire, building the roadmap for cloud, app security, and compliance (HIPAA, SOC 2, HITRUST). Improves AWS/GCP security, vulnerability management, and IAM, and embeds security in the SDLC for a high-growth healthcare tech company. Requires 8+ years of experience.

About the role

Responsibilities

  • Build and lead Sprinter’s security program as the company’s first dedicated security hire
  • Define and execute a practical security roadmap across cloud infrastructure, application security, compliance, identity, vendor risk, and incident readiness
  • Design, implement, and maintain security controls that support HIPAA, SOC 2, and HITRUST requirements
  • Partner with legal, product, IT, engineering, and operations teams to ensure ongoing audit readiness and compliance maturity
  • Improve security across AWS and GCP environments, including IAM, networking, encryption, secrets management, and cloud-native application security
  • Evaluate and implement security tooling for vulnerability management, cloud security posture management, security monitoring, DAST, and related needs
  • Lead vulnerability management efforts across applications, infrastructure, cloud environments, and third-party systems
  • Coordinate penetration testing efforts, work with external security partners, and drive remediation with engineering teams
  • Embed security into the software development lifecycle through secure design reviews, CI/CD checks, developer guidance, and pragmatic security standards
  • Own or support partner, customer, and vendor security reviews, including questionnaires, risk assessments, and remediation planning
  • Strengthen identity and access management across internal systems, applications, and cloud environments
  • Develop clear security policies, procedures, documentation, and reporting for internal teams and senior leadership
  • Advise on AI security best practices as Sprinter adopts and builds AI-enabled systems, including data handling, model risk, application security, and privacy controls

Requirements

  • Spent 8+ years in security engineering, cloud security, application security, infrastructure security, DevSecOps, or related roles
  • Built or meaningfully scaled a security function, security program, or major security domain in a high-growth environment
  • Operated as a senior technical owner for security across engineering, infrastructure, product, IT, and compliance stakeholders
  • Worked hands-on with cloud security in AWS, GCP, or similar cloud environments
  • Implemented security controls that support compliance frameworks such as HIPAA, SOC 2, HITRUST, ISO 27001, or similar
  • Led vulnerability management, penetration testing coordination, remediation workflows, and security assessments
  • Partnered with engineering teams to embed security into architecture, development, CI/CD, and production operations
  • Worked with identity and access management systems such as Okta, Auth0, SSO, MFA, RBAC, or related tooling
  • Evaluated, selected, or implemented security tools such as SIEM, DAST, vulnerability scanners, CSPM, endpoint security, or monitoring platforms
  • Used scripting or infrastructure-as-code tools such as Python, Bash, Terraform, or similar to automate security workflows
  • Communicated security risks, tradeoffs, and priorities clearly to technical and non-technical stakeholders
  • Made practical risk decisions in environments where speed, ambiguity, compliance, and security all matter

Nice-to-Haves

  • Been the first security hire or an early security leader at a startup
  • Built security programs in healthcare, fintech, insurance, logistics, marketplace, or other regulated or operationally complex environments
  • Deep experience with HIPAA, SOC 2, HITRUST, or healthcare security and privacy requirements
  • Supported customer, partner, or enterprise security reviews in a B2B or healthcare environment
  • Helped prepare for or lead security audits and compliance assessments
  • Experience with AI security, including secure AI application development, model risk, data privacy, adversarial risk, or AI governance
  • Worked closely with product and engineering teams to make security usable, scalable, and developer-friendly
  • Experience with container security, Kubernetes, network security, endpoint security, or encryption standards
  • Hold certifications such as CISSP, CISM, AWS Certified Security Specialty, CEH, or similar

Technology Stack

  • AWS
  • GCP
  • Terraform and infrastructure-as-code tooling
  • TypeScript
  • Python
  • Bash
  • CI/CD systems
  • Okta
  • Auth0
  • SIEM, DAST, vulnerability management, and cloud security tooling
  • Identity, access, and secrets management systems
  • Cloud networking and infrastructure tooling
  • Container and deployment systems
  • Serverless AWS, including AppSync, DynamoDB, Lambda, Amplify, CloudFormation, and Node
  • GraphQL
  • React Native and React Native for Web

Compensation & Benefits

  • Meaningful pre-IPO equity
  • Medical, dental, and vision plans 100% paid for you and your dependents
  • Flexible PTO + 10 paid holidays per year
  • 401(k) with match
  • 16-week parental leave policy for birthing parent, 8 weeks for all other parents
  • HSA + FSA contributions
  • Life insurance, plus short and long-term disability coverage
  • Free daily lunch in-office
  • Annual learning stipend
  • Relocation assistance
Skills

AWS, GCP, Terraform, Okta, Auth0, Python, Bash, TypeScript, SIEM, DAST, HIPAA, SOC 2, HITRUST, IAM, Kubernetes