Overjet

Director of Security, IT

full-time

Location Type: Hybrid

Location: San Mateo, California, United States

About the role

  • Define and own Overjet's security strategy, roadmap, and risk posture across the full SDLC — spanning hardened Docker image policies, secrets management via GCP Secret Manager, dependency locking, and secure CI/CD pipeline configuration in Google Cloud Build
  • Lead the company's vulnerability management program — overseeing triage of findings from container scanning, SAST/DAST tooling, and dependency audits across Python, Node.js, and Go services
  • Serve as the owner of HIPAA compliance from a technical and operational standpoint, including access control reviews, audit logging, encryption at rest and in transit, and BAA management
  • Partner with Engineering and Product leadership to integrate threat modeling and security design reviews into the product development lifecycle
  • Build and mature Overjet's detection and response capabilities — establishing alerting thresholds, incident response playbooks, and runbooks appropriate for a cloud-native environment
  • Oversee security automation strategy, including pre-commit hooks, CI secret scanning (e.g. Trufflehog, detect-secrets), and policy-as-code initiatives
  • Champion a security-first culture company-wide through developer enablement programs, training, and pragmatic guidance that helps teams ship fast without cutting corners
  • Own and evolve Overjet's IT infrastructure, operations, and support functions — ensuring reliability, scalability, and security across all internal systems and endpoints
  • Manage IT procurement, vendor relationships, and lifecycle management for hardware, software, and SaaS tooling
  • Oversee identity and access management across corporate systems, including SSO, MDM, and endpoint security
  • Establish and enforce IT policies, acceptable use standards, and onboarding/offboarding procedures
  • Drive operational maturity across the IT function — building ticketing workflows, SLAs, and escalation paths that scale with the company
  • Serve as the point of contact for internal and external audits, penetration tests, and compliance assessments (SOC 2, HIPAA, and beyond)
  • Translate technical risk into clear business impact for executive and board-level stakeholders
  • Develop and manage the Security and IT budget, balancing investment across tooling, headcount, and vendor partnerships

Requirements

  • 8+ years of experience in security engineering or IT, with at least 3 years in a leadership role managing teams in a health tech, SaaS, or similarly regulated environment
  • Proven ability to set strategic direction and drive execution across both security and IT functions
  • Deep expertise in container security, GCP environments (IAM least-privilege design, VPC controls, GCP Secret Manager, Cloud Build hardening), and cloud-native architectures
  • Strong command of HIPAA security requirements and a track record of translating compliance obligations into scalable engineering and operational controls
  • Experience owning corporate IT operations, including MDM, endpoint management, SaaS administration, and IT support functions
  • Proficiency in at least one language in our stack (Python, Node.js, or Go) and the ability to conduct meaningful security code reviews across all three
  • Demonstrated experience building and scaling security programs — including secret scanning, dependency vulnerability management, and CI/CD security integration
  • Exceptional communication skills — equally capable of presenting risk to the board, writing a security policy, and pairing with an engineer on a remediation

Benefits

  • Competitive Compensation and Equity
  • Hybrid workplace that provides flexibility, vibrant in-person workspaces, and the ability to build strong connections across all of Overjet - regardless of location
  • 401k plans with a matching program
  • Medical, Dental and Vision coverage: 99% employee premium covered, 75% dependent premium covered
  • Life and AD+D Insurance
  • 8 weeks Paid Parental Leave
  • Optional HSA with Employer contribution
  • Flexible Time Off and company paid holidays
  • Annual Learning and Development Stipend
Applicant Tracking System Keywords

Hard Skills & Tools
security engineering, container security, GCP, Python, Node.js, Go, vulnerability management, CI/CD, HIPAA compliance, IT operations
Soft Skills
leadership, strategic direction, communication, collaboration, problem-solving, developer enablement, training, risk translation, operational maturity, stakeholder engagement