Curative is building the future of health insurance with an innovative employer-based plan. They are seeking a Principal Security Engineer to lead their security engineering function, focusing on strategy, implementation, and mentorship while ensuring security practices are integrated across their infrastructure and applications.
Responsibilities:
- Own strategy and hands-on engineering for Detection and Response platforms; identify, onboard, and normalize all log sources including cloud, containers, endpoints, and SaaS
- Build and maintain Security Orchestration, Automation, and Response (SOAR) tooling to reduce response time and analyst toil
- Lead incident response for complex threats including developing runbooks, driving post-incident improvements, and designing/running BCP/DR tabletop exercises
- Embed security into the SDLC: threat modeling, secure design reviews, SAST/DAST tooling, and automated security gates in CI/CD pipelines
- Own the vulnerability management program at host and application levels; track and drive remediation
- Champion "security as code" practices across engineering teams
- Build AI-powered security tooling: threat detection and anomaly identification at appropriate confidence thresholds, automated triage and remediation workflows, and AI-assisted post-mortem summarization
- Define and implement the security model for LLM-based systems and internal AI tooling
- Architect harness patterns to constrain LLM behavior and harden against prompt injection, indirect injection via RAG pipelines, and data exfiltration via model outputs
- Evaluate and govern AI tool adoption from a security and data-risk perspective
- Own AWS security posture and enforce baselines across Linux/Windows, network devices, and enterprise SaaS (M365, Google Workspace, Azure)
- Engineer, configure, and operate EDR, DLP, and endpoint security programs
- Provide IAM architecture expertise across identity and access systems
- Mentor and actively develop junior and mid-level security engineers through design reviews, pairing, and direct feedback. Growing team capability is a core expectation of this role
- Define and drive security engineering standards across the organization
- Collaborate closely with IT operations, platform, and software to translate threat intelligence into detection and hardening priorities
Requirements:
- 8+ years in security engineering with demonstrated growth into technical leadership
- Hands-on SIEM experience (Datadog, ELK, or equivalent)
- Deep AWS security and IAM expertise
- Application security fundamentals: threat modeling, SAST/DAST, secure SDLC
- Experience building with AI/LLM APIs and practical knowledge of LLM security risks
- EDR, DLP, and vulnerability management experience
- Experience with containerized workloads and Kubernetes security
- Proven track record of mentoring engineers and raising team capability
- Bachelor's degree in a related field or equivalent experience
- CISSP, GIAC, or OSCP certification
- MITRE ATT&CK knowledge applied to detection engineering
- "Security as code" experience (OPA, Checkov, tfsec, or similar)
- Data science or anomaly detection skills applied to security telemetry
- Healthcare industry background (HIPAA, HITRUST)
- Experience with the following tools/technologies: Kubernetes/EKS, Terraform/Terragrunt, Atlantis, Cloudflare, Buildkite, Wiz, Semgrep, EscapeTech, GitHub Advanced Security, Datadog, HashiCorp Vault, N8N, Snowflake, Linear