Lead Security Engineer

About us:

Trovo Health is building the AI-powered care team platform for infinitely scalable clinical capacity. We radically increase access and improve quality of care by combining AI agents with clinical experts to take on high-impact clinical operations and care management activities for healthcare organizations.

We're growing rapidly and are backed by Oak HC/FT, investors in leading healthcare and technology companies such as Ambience Healthcare, Devoted Health, VillageMD, CareBridge, Main Street Health, Maven Clinic, and more.

About the role

We are looking for a Security Lead to own Trovo's security program end-to-end, spanning cloud and infrastructure security, application security, compliance readiness, access management, and incident response. This is a strategic, hands-on role: you'll partner closely with Engineering, Product, and Operations to embed security into how we design, build, and operate our platform, and you'll be a client-facing leader who can confidently support security reviews, questionnaires, and audits with healthcare partners.

Responsibilities:

• Own the security roadmap: Define and execute Trovo's security strategy and priorities as we scale in a highly regulated environment.
• Secure the platform: Architect and implement secure cloud infrastructure (AWS), logging/monitoring, IAM, vulnerability management, and secure SDLC practices.
• Drive compliance readiness: Lead technical execution for SOC 2, HIPAA, and related frameworks, building scalable controls, evidence collection, and audit readiness.
• Run incident response: Own detection/response tooling, runbooks, on-call readiness, and post-incident learning to continuously improve resilience.
• Be cross-functional and client-facing: Build relationships with cross-functional stakeholders and represent Trovo in customer security conversations.

We expect you to have:

• Technical security depth: 6-8+ years of engineering experience, with 2+ years focused on security engineering and shipping security improvements in production.
• Cloud & appsec foundation: Hands-on expertise with AWS security, network security, container/orchestration security, and secure SDLC practices.
• Compliance experience: Familiarity supporting SOC 2, HIPAA, or similar frameworks from a technical security standpoint.
• Automation mindset: Proficiency scripting/automating (Python, Bash, etc.) and comfort embedding security controls into CI/CD.Strong communication & ownership: The ability to influence engineering decisions and communicate clearly with non-technical stakeholders (including customers).
• NYC-based: You are based in New York and excited to be in-office ~3 days per week.

Target compensation for this role is $225-$275k, plus equity and a generous benefits package.

Trovo Health is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.