Medonix

Engineering · Full-time

Security Engineer (HIPAA / SOC 2)

Lead application and platform security for a HIPAA-regulated, SOC 2 Type II / HITRUST CSF environment. Hands-on, measured, and resourced.

Engineering · Remote (U.S.) · Full-time

About this role

You will be the first dedicated security engineer on the platform team, partnering with engineering and compliance to make security an engineering output rather than a checklist exercise. The current posture: HIPAA + SOC 2 Type II + HITRUST CSF + PCI DSS Level 1, with annual third-party penetration testing and a public bug-bounty program in flight.

What you will own

  • Lead application security: threat modeling, secure-design reviews, dependency / supply-chain hardening.
  • Own the SOC 2 and HITRUST control evidence in partnership with the compliance team.
  • Run and improve the bug-bounty / responsible-disclosure program.
  • Build the in-house security tooling that makes the controls cheap to maintain.
  • Lead incident response when a real one hits.

Must-haves

  • 5+ years in application or platform security at a regulated SaaS or healthcare company.
  • Hands-on offensive security skills: you can read a codebase and find what an auditor would miss.
  • Familiarity with HIPAA, SOC 2 Type II, and at least one of HITRUST CSF / NIST 800-66 / ISO 27001.
  • Comfort writing code in TypeScript, Go, or Python, not just configuring tools.

Nice-to-haves

  • CISSP, OSCP, or equivalent practical credential.
  • Public security research, conference talks, or bug-bounty track record.
  • Experience leading a SOC 2 Type II audit through to clean opinion.

Day in the life

Mornings are typically design reviews and threat modeling on whatever is shipping next. Afternoons split between auditor-evidence work, security-tooling improvements, and customer-facing security questionnaire reviews (which we want fewer of, not more). When something real happens, you lead, but most weeks are proactive, not reactive.

Compensation

Base $195K–$250K, plus 0.10%–0.25% equity, plus a 10–15% target performance bonus.
