Senior Security Engineer (Application Security)

• This is an opportunity to join K’s critical InfoSec team as a Senior Security Engineer and operate with foresight in protecting our infrastructure, applications, cloud security, and customer trust
• As a lean team, we span across multiple areas such as AppSec, CloudSec, SecOps, ITSec, and Compliance and apply it towards reading and interpreting architecture, or planning and building out net new security solutions
• You will have the autonomy to define and implement cutting-edge security solutions across our entire technical ecosystem, ensuring our innovative work remains robust and compliant against evolving global threats
• This role is crucial for establishing and maintaining a world-class security posture, particularly within the sensitive and highly regulated healthcare technology space
• Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
• Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
• Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
• Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
• Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
• Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines

### Benefits

• Our hybrid work schedule offers working from home and in-office days
• Gym Reimbursement for any employees who are enrolled in a medical plan
• K will match 100% of employee contributions to their 401(k) up to 3% of their salary, and then 50% up to 5%
• Equity in K Health for all full-time employees
• Up to 6 weeks of parental leave with additional leave offered through our 3rd party administrator, Sparrow
• 18 Vacation days, 5 sick days, and 2 personal days (plus days off for national holidays and multiple company-wide 3 day weekends per year)
• Choose between three comprehensive plans for your medical, dental, and vision (employees are also eligible to use our K Health app for free!)
• FSAs, HSA, Parking and Commuter accounts- 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
• Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
• Flexibility in covering a rotation for critical on-call support responsibilities
• Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
• Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
• Expertise in compliance, security, and regulatory areas such as; HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc
• Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
• Exploring, partnering and implementing bleeding edge tech not readily available to others
• Experience with specific tools and tech K uses including but not limited to: Datadog, Sumologic, Torq, flare.io, GCP, Entitle, Okta, Orca, FlowSec, Prisma