Site Reliability Engineer, Founding
Posted on July 28, 2025 (about 22 hours ago)
About Charta Health
At Charta, we're pioneering a transformative approach to healthcare billing through the power of generative AI. Our mission is to revolutionize this critical yet often cumbersome aspect of healthcare, empowering medical billers and coders with tools that elevate their efficiency by leaps and bounds. Our innovative AI technology enables these professionals to operate at an astounding 10x to 100x more efficiently, while significantly reducing operational costs to just 2% of the standard expense.
In an industry where the focus should rightly be on patient care and clinical services, Charta steps in to ensure that healthcare providers are unburdened from the complexities of non-clinical operations. Our cutting-edge solutions are designed to handle the intricacies of the revenue cycle, freeing up healthcare professionals to concentrate on what they do best: caring for patients.
Our vision at Charta is to create a seamless, efficient, and cost-effective billing process that is invisible yet indispensable. By entrusting us with the operational challenges, healthcare providers can redirect their resources and attention towards patient-centric services, secure in the knowledge that their billing needs and highly sensitive data are expertly managed and continuously protected through robust security reliability engineering. Join us in our journey to redefine healthcare billing, and be a part of a team that's making a tangible difference in the world of healthcare.
About the Opportunity
Charta Health is seeking a highly motivated and experienced Founding Site Reliability Engineer to design, implement, and maintain the secure, scalable, and resilient infrastructure that underpins our generative AI healthcare solutions. This pivotal role requires a hands-on engineer who can strategically build out our platform's security architecture by applying SRE principles: ensuring robust security through automation, meticulous monitoring of security events, proactive threat mitigation, and efficient incident response. You'll be crucial in engineering security into every layer from day one within a highly regulated healthcare environment.
What You'll Do
- Engineer Secure & Resilient Infrastructure: Design, develop, and implement highly scalable, resilient, and inherently secure cloud infrastructure and application architectures to support our AI platform and data pipelines, prioritizing security-by-design and resilience against attacks.
- Security Automation & DevSecOps: Lead efforts to automate security controls, infrastructure provisioning, deployment, and operational tasks using tools like Terraform, Ansible, and CI/CD pipelines. Embed automated security gates (SAST, DAST, IaC scanning, secrets detection) and security best practices into every stage of the software development lifecycle.
- Cloud Security Engineering: Implement and manage security best practices for our cloud environments (primarily AWS), including network security, identity and access management (IAM), data encryption at rest and in transit, secrets management, and secure configuration baselines.
- Application Security: Partner with development teams to conduct threat modeling, perform security code reviews, and implement secure coding practices. Integrate application security testing tools into CI/CD pipelines and drive vulnerability remediation.
- Security Reliability Metrics & Incident Response: Define, implement, and monitor key security-focused metrics (e.g., Mean Time To Detect (MTTD) security incidents, Mean Time To Respond (MTTR) security incidents, vulnerability remediation SLAs). Design and lead robust incident response plans and procedures for security incidents and breaches, ensuring swift and effective containment, eradication, recovery, and thorough post-incident analysis (blameless post-mortems) focused on improving system security and resilience.
- Security System Engineering & Operations: Oversee the implementation, monitoring, and continuous improvement of critical security systems and technologies, including Security Information and Event Management (SIEM), Cloud Security Posture Management (CSPM), Intrusion Detection/Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), and secrets management solutions.
- Security Observability & Monitoring: Establish comprehensive monitoring, logging, and alerting systems to provide deep visibility into system health, performance, and critical security events and anomalies. Engineer centralized logging for auditability and forensic capabilities.
- Vulnerability Management: Establish and manage a comprehensive vulnerability management program, including regular scanning, penetration testing coordination, analysis of findings, and driving timely remediation efforts across infrastructure and applications.
- Compliance & Regulatory Engineering: Ensure continuous adherence and demonstrable compliance with applicable security laws, regulations, and industry standards relevant to healthcare data and technology (e.g., HIPAA, HITECH, HITRUST, SOC 2, CCPA/CPRA, GDPR) by engineering compliant controls and automated validation.
- Cross-Functional Security Collaboration: Partner closely with Engineering, Product, and IT teams to embed security requirements as first-class citizens into business processes, new projects, and system development lifecycles. Serve as a subject matter expert on security best practices.
- Security Culture & Training: Champion a strong security-first culture. Develop and deliver engaging security awareness and secure coding training programs for all employees to promote a security-conscious and proactive mindset.
- Strategic Security Planning & Threat Intelligence: Strategically plan for future security needs and technological advancements. Continuously research and integrate the latest security technologies, emerging threats, attack vectors, and threat intelligence to enhance Charta's security program and maintain a strong defensive posture.
You'd be a great fit if you have:
- Experience: 4+ years of progressive experience in Security Engineering, Application Security, Cloud Security, or DevSecOps, with a proven track record of applying SRE principles to solve complex security challenges and build resilient systems. At least 2+ years in a lead or foundational capacity.
- Cloud Security Expertise: Deep expertise in cloud platforms, especially AWS, with a strong focus on secure configuration, network security, IAM, data encryption, and operationalizing security within services like EC2, S3, RDS, Lambda, EKS/ECS, VPC, CloudWatch, GuardDuty, Security Hub, WAF, KMS, Secrets Manager.
- Application Security Fundamentals: Solid understanding of common web application vulnerabilities, secure coding practices, and experience with application security testing tools.
- Containerization & Orchestration Security: Solid understanding and practical experience with container technologies and orchestration platforms, including container security best practices and runtime protection.
- Security Operations & Tooling: Experience setting up and managing robust security monitoring, logging, and alerting solutions (e.g., SIEM, EDR, IDS/IPS). Ability to build custom tools and integrate security services via APIs.
- Security Principles & Architecture: In-depth knowledge of security principles, secure system design patterns, network security, application security, cloud security, data protection, and cryptography.
- Healthcare Compliance: Strong understanding of regulatory compliance requirements in the healthcare industry (e.g., HIPAA, HITECH, HITRUST).
- Security Frameworks: Experience with established security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Benchmarks, MITRE ATT&CK).
- Problem-Solving: Excellent problem-solving, debugging, and analytical skills with a focus on security incident root cause analysis and proactive threat mitigation.
- Communication: Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and articulate security risks and solutions clearly.
- Education: Bachelor's degree in Computer Science, Engineering, Information Security, or a related field; equivalent practical experience will also be considered.
What We Offer
- Competitive salary and comprehensive benefits package, including health insurance, dental insurance, vision insurance, life insurance, and more
- Team dinners and snacks in the office to keep you at your best
- Growth opportunities in a fast-paced, innovative tech startup
- Ongoing professional development and access to cutting-edge AI and healthcare tools
- Wellness & learning stipends so you can invest in both your health and personal growth
- Lively in-person (required 5 days per week) work culture at our headquarters in downtown San Francisco
- $150,000 - $250,000 depending on experience + Equity + Benefits
Our Commitment to Diversity
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Interested in applying or learning more?
Contact us or send us your résumé at [email protected].
Your Next Career Chapter Starts Here
At Charta, your ideas and skills matter. Join us and help redefine the future of healthcare technology.
For any questions related to careers at Charta, please email [email protected].