Senior Corporate Security Engineer

Charlie Health is a rapidly growing organization focused on connecting individuals to life-saving behavioral health treatment. The Senior Corporate Security Engineer will design and operate technical security systems to protect corporate environments and sensitive data, partnering with various teams to enhance security measures and support the company's growth.

Responsibilities:

• Design, build and operate technical security controls across Charlie Health’s corporate technology environment
• Engineer scalable security solutions for identity, endpoints, SaaS platforms, cloud-connected services, collaboration tools and internal systems
• Translate security requirements into reliable technical controls, automations, detections and operational workflows
• Partner with IT Engineering to embed secure-by-design practices into enterprise systems, integrations and infrastructure
• Establish control patterns that improve security posture, operational efficiency, auditability and resilience
• Design and improve identity and access controls across workforce systems, SaaS applications and privileged access workflows
• Implement and mature controls for MFA, conditional access, device trust, role-based access, least privilege, service accounts and lifecycle automation
• Partner with IT and business teams to improve joiner, mover, leaver, access review and elevated access processes
• Help advance Charlie Health’s Zero Trust strategy through identity-centric control design, continuous verification and measurable trust signals
• Engineer and improve security controls across Mac, Windows, mobile and BYOD environments
• Partner with endpoint engineering teams to improve secure configuration baselines, MDM policy, EDR coverage, device compliance and vulnerability remediation
• Assess and improve the security posture of corporate SaaS platforms, integrations, APIs and service accounts
• Configure and operationalize security tooling across platforms such as SentinelOne, Wiz, Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian and related systems
• Support cloud security visibility and control implementation across AWS and related services, including use of CloudTrail and other telemetry sources
• Build and improve detections, alerts, dashboards, runbooks and response workflows across corporate security tooling
• Partner with Expel MDR and internal teams to improve telemetry quality, alert fidelity, investigation workflows and response outcomes
• Support investigation and response for identity, endpoint, SaaS, email, cloud, data exposure and corporate security events
• Tune security tools to reduce noise, improve signal quality and increase confidence in control effectiveness
• Develop repeatable playbooks and operating procedures that improve incident readiness and operational consistency
• Help secure Charlie Health’s use of AI tools, LLM platforms, AI agents and AI-enabled workflows
• Evaluate and operationalize controls for AI data protection, prompt-layer security, access governance, logging and usage monitoring
• Partner with IT, Security, Compliance and business teams to define practical security patterns for tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and related platforms
• Assess risks related to sensitive data exposure, PHI leakage, model access, third-party integrations and AI-enabled automation
• Stay current on emerging AI security risks, controls and products, and translate relevant developments into practical improvements
• Design and operate controls that protect PHI, employee data, clinician data and sensitive company information
• Support DLP strategy across SaaS platforms, endpoints, browsers, collaboration tools, email, cloud services and AI systems
• Improve visibility into sensitive data movement, sharing patterns and policy violations
• Partner with Compliance, Legal, IT and business teams to support data protection requirements and reduce operational risk
• Build automations and reporting that improve DLP response, control monitoring and evidence collection
• Build automations that improve security operations, access management, control monitoring, remediation and audit evidence collection
• Use APIs, scripting, webhooks, workflow platforms and infrastructure-as-code practices to reduce manual work and improve control consistency
• Develop maintainable security workflows using tools and languages such as Python, Bash, PowerShell, Workato, Terraform, REST APIs and JSON
• Apply modern engineering practices including version control, code review, documentation, testing and repeatable deployment patterns
• Identify opportunities to simplify security processes while improving reliability and measurable outcomes
• Implement and maintain controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks
• Support audit evidence collection, control testing, remediation planning and continuous control monitoring
• Identify security risks, document findings and partner with stakeholders to drive timely remediation
• Translate compliance and risk requirements into practical engineering solutions that support business operations
• Help define metrics that measure control health, security posture, operational maturity and risk reduction

Requirements:

• 5+ years of experience in security engineering, corporate security, infrastructure security, enterprise security, IT security, cloud security or a related technical discipline
• Deep hands-on experience designing, building and operating technical security controls in enterprise environments
• Experience securing identity, endpoints, SaaS platforms, collaboration tools, cloud-connected services and internal systems
• Strong experience with identity and access management concepts, including MFA, conditional access, privileged access, lifecycle automation, service accounts and least privilege
• Experience working with security tools such as MDR platforms, EDR, SIEM, cloud security tools, endpoint management tools, vulnerability management tools or DLP systems
• Experience with security platforms and telemetry sources such as Expel MDR, SentinelOne, Wiz, CloudTrail, Sumo Logic or similar tools
• Experience with endpoint security, MDM, secure configuration management and vulnerability remediation across Mac, Windows or mobile environments
• Experience using scripting, APIs or automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
• Familiarity with detection engineering, alert tuning, incident response workflows and security operations processes
• Strong understanding of Zero Trust principles, identity-centric security, least privilege, device trust and secure system design
• Ability to work cross-functionally with IT, Security, Engineering, Compliance and business stakeholders
• Strong documentation, ownership, judgment and ability to operate independently in ambiguous environments
• Experience operating at a Staff Engineer or senior technical leadership level
• Experience in healthcare, financial services or other regulated environments
• Experience supporting HIPAA, SOC 2, NIST, ISO 27001 or similar security and compliance frameworks
• Experience securing enterprise AI tools, LLM platforms, AI agents or AI-enabled workflows
• Exposure to AI platforms and security tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar or similar technologies
• Experience with DLP, CASB, SSPM, browser security, SaaS posture management or data discovery tools
• Experience securing Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian, AWS or similar enterprise platforms
• Experience building automations using REST APIs, webhooks, JSON, service accounts and API authentication patterns
• Experience partnering with managed security providers, MDR teams, external auditors or compliance teams
• Familiarity with AI security risks including sensitive data exposure, prompt injection, model access control, third-party plugin risk and AI system logging