We’ve found product-market fit with multi-million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, recent large-scale capital investment, and years of runway. We are ready to scale. We are a tight-knit, high-performing team of mostly former founders (including two YC alumni). We are engineering-heavy, operate with minimal bureaucracy and high autonomy, and hire based on merit, not reputation. We work hard – the founders work six days a week out of our SF office – but give everyone the freedom to create their own schedule. We measure output and we are committed to sustainable intensity.
about us
The following points are an assortment of the most relevant bits that will give you an idea of where we are, why we will win, and our company culture:
- We are a tight-knit, high-performing and passionate team – we work with relentless intensity and have become leaders in our industry with a fraction of the resources of our competitors.
- Sustainability means we try to do as much as humanly possible while keeping our health and personal lives in mind.
- Meaningful work is what gets us out of bed, and we won’t be satisfied by building another CRM company.
- By lineage, we are a group of underdogs – we hire not on the basis of prestige, but on the basis of demonstrated merit and perceived ability.
- We are heavy engineering, and most of our engineers are former founders (including 2 ex-YC founders).
- We operate as a relatively flat structure with little red tape, forced structure or bureaucracy. We choose to just get work done and foster a collaborative environment with high autonomy – our GitHub commit history and product velocity are testament to that.
- The founders set the pace by working 6 days a week in our SF office, but everyone is given complete freedom to create a schedule that is best for both the team and themselves – team output is measured.
about you
In short, we are looking for a Security Engineer with the following specific qualities:
- You’re entrepreneurial-minded with an Olympian-level work ethic (almost our entire engineering team is made up of former founders).
- You are passionate about security and excited to drive security-related projects within the company from start to finish.
- You’re confident in your ability to build scalable systems across the entire stack, and people typically come to you for technical guidance.
- You believe you can solve any problem you encounter, and don’t shy away from digging deep into areas where you may lack domain expertise.
- You have a strong sense of ownership of your work and have demonstrated the ability to lead others.
- You know how to move fast – while maintaining a strong security posture.
- You care more about the end result and value provided, rather than what new and no-frills technology is being used under the hood for a given feature.
- When someone outlines a project with an ETA of 3 weeks, you ask yourself “Why can’t this be completed in 3 days?”
- You are a hacker at heart and you have a good understanding of what rules should and should not be broken.
What will you be doing
After using our extensive onboarding materials to become familiar with our domain, product, and codebase, the goal will be to get you shipping products directly to customers as quickly as possible. Specifically, day-to-day, it looks like this:
- Spreading security across Metriport’s growing team – we’ll contact you for guidance and training.
- Running full-stack security projects, large and small, end-to-end, from ideation to production rollout. These projects may include:
- Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack.
- Implement granular RBAC at the API key access layer, and more robust roles on our UI.
- Help us improve our internal security policies and put in place tools to keep the platform and employees safe, as well as making the team efficient.
- Assisting the engineering team in PR reviews with a security-focused lens.
- Work with the Go to Market team to complete customer security assessments and questionnaires.
- Work with the engineering team to tighten security across the development lifecycle – think secret management, access control, and vulnerability scanning.
- Managing your own work in Linear.
- Participating in bi-weekly sprint planning/retro sessions and quarterly planning sessions.
- Attending daily 30-minute remote stand-ups Mon-Fri at 7:30am PST (our only regular mandatory meeting).
requirements
- You have 6+ years of experience in security engineering and information security.
- You are located in (or willing to relocate to) San Francisco or the Bay Area.
- Familiarity with HIPAA-compliant environments.
- Experience in implementing and maintaining security frameworks such as SOC 2, NIST, HITRUST, FedRAMP, etc.
- Experience in implementing data security technologies like SSO, MFA, VPN, FIPS, etc.
- Experience in organizational secret management.
- Experience implementing SCA, SAST, and DAST in CI/CD workflows.
- Experience with Mobile Device Management (MDM).
- Proficiency in cloud security and networking on AWS – IAM, WAF, KMS, etc.
- Proficiency in authentication, cryptography, encryption and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc.
- Bonus: Experience with IHE profiles (ATNA, CT, XUA).
benefits
- Competitive Equity + Compensation Package 🚀
- Salary Range: $160,000.00 – $220,000.00
- Full Family Platinum Health Insurance, Dental and Vision Coverage 🦷
- 401(k) Retirement Plan + Matching 💰
- Flexible work from home or office 🏢
- Free healthy lunch while working in the office (and breakfast + dinner as needed) 🍏
- Quarterly company off-site with the team ⛷️
- MacBook provided by us 💻
- Unlimited PTO (We work hard, but count on you to take the time off you need to perform at your best) 🧘‍♂️
our technology
On the frontend, we use React – on the backend, we rely on Node.js and TypeScript to write the core business logic. We deploy a wide range of AWS cloud services (e.g., ECS, Fargate, Lambda), and manage our infrastructure as code with the AWS CDK. Data resides in PostgreSQL, DynamoDB, S3, Snowflake, FHIR Server, and others. We use Oneleet for security and compliance.
Metriport provides equal employment opportunity (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people of all backgrounds, experiences, perspectives and abilities.