Staff Software Engineer - Security
Dandy - Full Time
- Expert & Leadership (9+ years)
Candidates should possess 8+ years of experience in cybersecurity engineering, along with strong knowledge of modern DevSecOps principles and experience working in a start-up environment or leading security initiatives in a lean environment. They should have a deep understanding of compliance frameworks such as HIPAA, SOC2, HITRUST, NIST, or ISO 27001, and experience configuring Datadog SIEM for active and passive security monitoring/management, as well as familiarity with SIEM platforms, runtime threat detection, and monitoring workflows. Furthermore, candidates must have hands-on experience with Terraform, GCP, Google Kubernetes Engine (GKE) and cloud security controls, and be experienced in integrating and operationalizing SAST, IAST, SCA, and secrets scanning tools.
The Security Application Engineer will:
- Continuously monitor infrastructure and application surface area for active threats, unauthorized access, potential vulnerabilities, and exposures
- Own and evolve the security architecture across GCP and GKE with a focus on Google Assured Workloads
- Review and secure Terraform-based infrastructure changes against CIS benchmarks, HIPAA, HITRUST, and other control frameworks
- Develop response playbooks, lead incident response efforts, and close the loop quickly when issues arise
- Actively respond to and mitigate security incidents in real time
- Run internal red-team-style exercises and simulate real-world attacks to harden defenses
- Correlate data across logs, traces, and metrics using Datadog to detect anomalies
- Perform continuous penetration testing and active scanning of infrastructure, networks, and services
- Secure product-layer surfaces by implementing and enforcing security controls across applications and APIs
- Integrate and monitor security tooling into GitHub workflows and CI/CD pipelines
- Collaborate with engineering on secure coding standards and architecture reviews
- Maintain compliance documentation and conduct internal security audits
Digital health platform for managing wellbeing
RVO Health provides a platform that simplifies health and wellness management for nearly 100 million users each month. The company connects individuals and families with reliable health information, doctors, and hospitals, making it easier for them to navigate their healthcare options. RVO Health's digital platforms offer expert-reviewed content and personalized experiences, helping users make informed decisions about their health. Unlike many competitors, RVO Health focuses on accessibility and affordability, ensuring that users can find the right care without confusion. The company's goal is to enhance health outcomes by providing comprehensive support throughout the health journey, from finding care providers to managing overall wellbeing.