Senior Security Engineer

About Certify:

At CertifyOS, we're building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem.

What sets us apart? Our cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25+ years of combined experience building provider data systems at Oscar Health, and we're backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data.

But it's not just about the technology; it's about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. We're founded on the principles of trust, transparency, and accountability, and we're not afraid to challenge the status quo at every turn. We're looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure.

About the role:

We are seeking a seasoned Senior Security Engineer with deep expertise in IT Operations and Infrastructure. You are a strategic thinker and a builder, capable of designing systems that can scale 10x. You will be instrumental in our transition from a agile startup to a mature, enterprise-ready organization. Your core mission is to architect, implement, and govern our security and IT infrastructure, ensuring it meets the rigorous demands of our enterprise clients and regulatory bodies like HIPAA and HITRUST.

This role is a unique opportunity to leave a lasting imprint on our company's core architecture and operational maturity.

• Strategic Security Engineering & Architecture (40%)
• Architect and implement a robust, scalable security framework for our cloud infrastructure (GCP) that supports enterprise-wide growth.
• Design and enforce security governance models, including standardized IAM policies, network segmentation, and data encryption strategies.
• Establish and own the DevSecOps program, integrating automated security controls (SAST, DAST, SCA) into a mature, enterprise-grade CI/CD pipeline.

• Lead the security technical review board for all new projects, ensuring security and operational best practices are embedded from the design phase.

• Enterprise IT Operations & Infrastructure Scaling (40%)

• Lead the transformation of our IT operations from a reactive model to a proactive, service-oriented framework (e.g., leveraging ITIL principles).
• Design, build, and manage a global, highly available, and fault-tolerant infrastructure using Infrastructure as Code (IaC) as the standard.
• Develop and implement a comprehensive corporate security strategy, including Zero-Trust principles for our SaaS tooling (Google Workspace, Slack, Jira), EDR deployment, and mobile device management (MDM).
• Own the vendor risk management process for IT and security tools, ensuring third-party solutions meet our enterprise security and compliance standards.
• Establish and report on key Service-Level Objectives (SLOs) and Key Performance Indicators (KPIs) for infrastructure and critical services.

• Develop and maintain a comprehensive disaster recovery and business continuity plan, including regular testing and failover procedures.

• Security Operations & Governance (20%)

• Define and lead the enterprise incident response program, conducting regular tabletop exercises and ensuring readiness.
• Establish and run the enterprise vulnerability management program, prioritizing remediation based on risk and business impact.
• Develop, document, and enforce security and operational policies, standards, and procedures.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• 6-8 years of progressive experience in cybersecurity and IT infrastructure, with a proven track record of scaling security and IT operations in a high-growth environment.
• Demonstrable expertise in building and securing enterprise-scale cloud environments (AWS, Azure, or GCP). GCP is highly preferred.
• Expert-level proficiency in Infrastructure as Code (IaC) using Terraform, Ansible, or similar.
• Hands-on experience designing and implementing security governance and operational frameworks.
• Deep knowledge of networking for a distributed enterprise (VPN, ZTNA, SD-WAN) and cloud network security.
• Proficiency in scripting languages (e.g., Python) for automation and tooling.
• Deep, practical experience with security compliance frameworks such as HIPAA, SOC 2, HITRUST, or ISO 27001.

• Experience in the healthcare or health-tech industry is a significant plus.
• Relevant security certifications (e.g., CISM, CCSP, AWS Certified Security – Specialty).
• Experience with IT service management (ITSM) platforms and ITIL concepts.
• Proven ability to mentor junior engineers and lead cross-functional initiatives.
• Excellent communication and stakeholder management skills, with the ability to articulate technical strategy to executive leadership.

At Certify, we're committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.