Senior Security Engineer - Application Security

About the role

This is an opportunity to join K's critical InfoSec team as a Senior Security Engineer and operate with foresight in protecting our infrastructure, applications, cloud security, and customer trust. As a lean team, we span across multiple areas such as AppSec, CloudSec, SecOps, ITSec, and Compliance and apply it towards reading and interpreting architecture, or planning and building out net new security solutions. You will have the autonomy to define and implement cutting-edge security solutions across our entire technical ecosystem, ensuring our innovative work remains robust and compliant against evolving global threats. This role is crucial for establishing and maintaining a world-class security posture, particularly within the sensitive and highly regulated healthcare technology space.

What you will do

• Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC).
• Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience.
• Manage the security posture of K's core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations.
• Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems.
• Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms.
• Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines.

What we're looking for

• 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security.
• Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities.
• Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines.
• Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field.
• Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders.
• Expertise in compliance, security, and regulatory areas such as; HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
• Flexibility in covering a rotation for critical on-call support responsibilities

Bonus:

• Exploring, partnering and implementing bleeding edge tech not readily available to others.
• Experience with specific tools and tech K uses including but not limited to: Datadog, Sumologic, Torq, flare.io, GCP, Entitle, Okta, Orca, FlowSec, Prisma

Benefits & Perks: #LI-Hybrid

• Hybrid work schedule with weekly lunches and stocked fridges
• Monthly social committees for company events
• 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
• Stock options for every full-time employee
• Paid parental leave
• 401k benefit
• Commuter Benefits
• Competitive health, dental, and vision insurance options