Security Engineer

Responsibilities

• Build security guardrails and protections into systems to ensure a secure-by-default posture
• Collaborate with engineering teams through design reviews and threat modeling to identify flaws early
• Implement and drive compliance rituals for HIPAA, SOC2, SOC1, PCI, and HITRUST
• Conduct regular vulnerability management and audits across the platform and tech stack
• Manage third-party security relationships, including vendor security reviews and penetration testing coordination

Requirements

• 6+ years of experience in the security domain with a track record of managing complex projects
• Hands-on expertise in security compliance frameworks and rituals
• Strong, practical knowledge of HIPAA regulations
• Ability to write code for security automation
• Experience with threat modeling and auditing systems, networks, and IT setups

About the Company

Candid Health is rethinking medical billing from the ground up. We are building software backed by best-in-class data science to automate the complexity of healthcare payments, helping providers get paid more easily and inexpensively. Based in the Y Combinator W20 batch, we are a well-funded team dedicated to fixing one of the most broken pieces of the US healthcare system.