Maven Clinic is the world's largest virtual clinic for women and families, dedicated to improving healthcare access and outcomes. The Staff Software Engineer - Security will design and implement security infrastructure to ensure compliance with industry standards and enhance the overall security posture of the organization.
Responsibilities:
- Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
- Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0 / OPA)
- Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
- Establish Zero Trust principles and enforce least-privilege access company-wide
- Develop compliance observability dashboards and automated evidence collection
- Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
- Automate onboarding/offboarding, access reviews, and approvals
- Integrate software-supply-chain security (SBOM, dependency scanning)
- Develop or adopt AI-assisted security tooling to proactively identify risks
- Automate policy enforcement, SAST/DAST scans, and compliance verification
- Lead threat modeling and security architecture reviews for new products and services
- Partner with product and data teams to embed secure-by-default design patterns
- Ensure encryption, access tracking, and secure data handling across PHI workflows
- Contribute to incident response, post-mortems, and continual improvement of security posture
- Act as Maven’s technical authority for security engineering
- Mentor peers and promote secure coding and architecture practices
- Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
- Champion an engineering culture of transparency, accountability, and continuous improvement
Requirements:
- 8+ years of software engineering experience, including 3+ in security infrastructure or application security
- Proven ability to design and implement large-scale, distributed, cloud-native systems
- Strong coding proficiency in Python, TypeScript, Go and/or Rust
- Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
- Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
- Familiarity with security testing frameworks and secure SDLC principles
- Excellent communication and documentation skills
- Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention
- Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
- Background in data security telemetry and threat detection
- Familiarity with AI/ML security and AI-assisted analysis tools
- Exposure to supply-chain security and CI/CD pipeline hardening
- Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus