New Health Partners is looking for a Backend & Cybersecurity Engineer with strong secure software development skills and expertise in cloud security. The role covers the security of their InsurTech platform at every layer, spanning DevSecOps program implementation, AI security governance, and backend security engineering.
Responsibilities:
- Architect and enforce a comprehensive DevSecOps program across the entire SDLC, integrating security into CI/CD pipelines, code reviews, and deployment workflows
- Implement and manage SAST, DAST, SCA, and container scanning tools (Snyk, SonarQube, Trivy, Grype, Checkov) with automated gates that prevent vulnerable code from reaching production
- Design and enforce zero-trust security architecture across cloud infrastructure, microservices, and AI systems—including network segmentation, mutual TLS, identity-based access, and least-privilege IAM policies
- Manage secrets lifecycle including rotation, injection, and auditing using HashiCorp Vault, AWS Secrets Manager, SOPS, or equivalent tools
- Maintain SBOM (Software Bill of Materials) generation, dependency scanning, and vulnerability management with SLA-driven patching workflows
- Harden Kubernetes clusters: enforce network policies, pod security standards (PSA/PSS), OPA Gatekeeper or Kyverno policies, RBAC, runtime security (Falco), and container image signing
- Architect secure multi-tenant cloud environments with data isolation, encryption at rest and in transit, and tenant-level access controls
- Lead incident response planning and execution—develop runbooks, conduct tabletop exercises, manage security incident workflows, and perform post-incident reviews
- Drive compliance programs for HIPAA, SOC 2 Type II, ISO 27001, and industry-specific data governance standards, including evidence collection, audit preparation, and continuous compliance monitoring
- Design and implement the security architecture for the internal LLM platform and LLM Composer, including model access controls, API authentication, rate limiting, and audit logging
- Develop and enforce prompt injection defenses, input sanitization, output validation, and content filtering guardrails for all AI-powered endpoints
- Establish data security controls for AI training pipelines—ensuring PHI/PII is properly anonymized, encrypted, and access-controlled throughout the model training and evaluation lifecycle
- Implement AI-specific threat modeling covering adversarial attacks, data poisoning, model exfiltration, jailbreaking, and unauthorized tool/agent actions
- Design audit trails and observability for AI system behavior—tracking prompt/response logs, model decision provenance, and flagging anomalous AI outputs
- Collaborate with the AI team to establish responsible AI governance policies including model evaluation red-teaming, bias testing, and safety benchmarks before production deployment
- Ensure AI systems comply with emerging AI regulations and frameworks (NIST AI RMF, EU AI Act considerations, OWASP Top 10 for LLM Applications)
- Conduct security architecture reviews for backend microservices, API designs, and data flows—identifying and remediating vulnerabilities before they reach production
- Implement application-level security controls: authentication/authorization (OAuth 2.0, JWT, OIDC), API rate limiting, input validation, and secure session management
- Design and enforce data protection strategies including field-level encryption, tokenization, data masking, and secure data retention/deletion policies for regulated data (PHI, PII, financial records)
- Contribute to backend services (TypeScript/Nest.js, Python) with a security-first mindset—writing secure code, conducting peer security reviews, and mentoring engineers on secure development practices
- Build and maintain security monitoring, alerting, and SIEM integration for real-time threat detection across application and infrastructure layers
- Perform or coordinate periodic penetration testing, vulnerability assessments, and security audits—both internal and with third-party firms
- Secure AWS cloud environments: IAM policy hardening, KMS key management, VPC architecture, security group auditing, CloudTrail logging, GuardDuty, and AWS Config rules
- Implement infrastructure-as-code security scanning (Checkov, tfsec, Bridgecrew) in Terraform pipelines to catch misconfigurations before deployment
- Design and maintain WAF configurations, DDoS protection, and edge security for public-facing services
- Manage certificate lifecycle, TLS configurations, and encryption key rotation across all services and environments
Requirements:
- 4–8+ years of combined experience in Security Engineering, DevSecOps, and/or Backend Development with a strong security focus
- Deep knowledge of AWS cloud security: IAM, KMS, VPC networking, encryption, CloudTrail, GuardDuty, Security Hub, and AWS Config
- Hands-on Kubernetes security experience: OPA Gatekeeper/Kyverno, pod security standards, network policies, RBAC, runtime security, and image scanning
- Proficiency with CI/CD security integration for GitHub Actions, GitLab CI, or Jenkins—including automated SAST/DAST/SCA scanning and policy enforcement
- Strong understanding of security frameworks and standards: OWASP Top 10, NIST CSF, CIS Benchmarks, MITRE ATT&CK, and zero-trust architecture principles
- Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, SOPS) and encryption technologies
- Solid backend development skills in TypeScript/Node.js or Python, with the ability to write secure code and conduct security-focused code reviews
- Strong understanding of authentication/authorization protocols (OAuth 2.0, OIDC, SAML, JWT) and API security patterns
- Experience with compliance frameworks in regulated industries—HIPAA, SOC 2, or ISO 27001—including audit preparation and evidence collection
- Excellent communication skills with the ability to translate security risks into business terms for stakeholders and executive leadership
- Experience securing AI/ML systems, including familiarity with OWASP Top 10 for LLM Applications, NIST AI RMF, or adversarial ML threat modeling
- Hands-on experience with penetration testing, red-teaming, or bug bounty participation
- Experience with SIEM platforms (Splunk, Elastic Security, Sentinel) and security automation/orchestration (SOAR)
- Familiarity with data protection regulations beyond HIPAA: GDPR, CCPA, LFPDPPP, and emerging AI-specific regulations
- Security certifications: CISSP, CEH, AWS Security Specialty, CKS (Certified Kubernetes Security Specialist), or equivalent
- Experience building security tooling, custom security scanners, or automated compliance checking systems
- Background in InsurTech, HealthTech, or FinTech with understanding of industry-specific threat landscapes