Own end-to-end information security strategy across cloud, application, infrastructure, and corporate environments.
Define a pragmatic security roadmap aligned to business risk, regulatory requirements, and engineering velocity.
Serve as the executive owner for security posture, risk management, and incident response.
Act as a trusted advisor to the CTO and executive team on security, risk, and operational tradeoffs.
Drive a DevSecOps-first operating model, embedding security into CI/CD pipelines, infrastructure as code, and developer workflows.
Partner deeply with engineering leadership to make security scalable, automated, and measurable.
Lead threat modeling, secure design reviews, and risk assessments for new platform initiatives.
Champion policy-as-code, guardrails, and automation over manual process.
Own security architecture and operations for a primarily AWS-based environment.
Lead application security programs, including secure SDLC, dependency scanning, SAST/DAST, penetration testing, and vulnerability management.
Build and run effective security operations, including monitoring, investigation, incident response, and post-incident learning.
Manage vendor relationships, including CrowdStrike, Flashpoint, RAD, and Okta.
Lead end-user computing, device management, endpoint security, identity lifecycle management, and access controls.

Requirements

10+ years in information security, IT, or related technical leadership roles, including 5+ years of people management, ideally in healthcare technology SaaS.
Proven experience leading security engineering, security operations, and corporate IT in a cloud-native SaaS environment.
Direct experience in healthcare or other highly regulated industries.
Track record of successfully implementing DevSecOps practices.
Deep hands-on experience securing AWS environments.
Strong understanding of endpoint security, identity systems, and modern SaaS IT stacks.
Practical knowledge of tools such as CrowdStrike, Okta, Flashpoint, RAD, and related platforms.
Strong foundation in application security, cloud security, and infrastructure as code.
Strong collaborator with engineering, platform, and operations teams.
Clear, direct communicator who can articulate risk without theatrics.
Comfortable making tradeoffs and prioritizing based on real-world risk.
Builder mindset with a bias toward automation and scale.

Benefits

100% remote first culture (must be based in the US)
Unlimited Flexible Time Off
15+ Observed Holidays
Rest & R^Charge days (guaranteed a 3-day weekend each month)
R^Charge (6 weeks paid sabbatical + stipend)
401k match 50% for up to 8% on Day 1
Medical/Dental/Vision Benefits on Day 1
HSA & FSA, Life, Disability, Medical Travel & Employee Assistance Program
Paid Parental Leave (16 weeks)
Productivity Stipend & Wellness Fund
Redox Issued MacBook
Virtual and/or in-person Team & Company Events
Stock Options
Employee Referral Bonus Program

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securityrisk managementincident responseDevSecOpssecurity architectureapplication securitycloud securityinfrastructure as codesecure SDLCvulnerability management

Soft Skills

collaborationcommunicationleadershipdecision makingproblem solvingtrustworthinessadaptabilitystrategic thinkingrisk assessmentautomation mindset