Security Engineer

About the Role

Security at Curely AI isn't a checkbox — it's foundational to our mission. We operate in one of the most sensitive data environments in the world, and our customers trust us to protect clinical data at scale. As our Security Engineer, you'll own the technical security program end to end.

What You'll Do

• Own technical security across cloud infrastructure (AWS), application layers, and CI/CD pipelines
• Lead and maintain HIPAA, SOC 2 Type II, and HITRUST compliance programs
• Conduct threat modeling, vulnerability assessments, and penetration testing
• Build security tooling, monitoring, and incident response playbooks
• Review code and architecture for security risks; partner with engineering on secure-by-default practices
• Manage relationships with external auditors, pen testers, and compliance consultants

What We're Looking For

• Bachelor's degree in Computer Science, Information Security, or related field
• 4+ years of security engineering experience in cloud-native environments
• Deep expertise in AWS security (IAM, KMS, GuardDuty, Security Hub)
• Strong knowledge of HIPAA/HITECH technical safeguards and SOC 2 trust criteria
• Experience with application security tooling (SAST, DAST, dependency scanning)
• Security certifications preferred (CISSP, CISM, AWS Security Specialty)

Nice to Have

• Experience with healthcare-specific threat models and clinical data security
• HITRUST CSF experience
• Background in zero-trust architecture and secrets management (Vault, AWS Secrets Manager)