As someone working on Platform Security at OpenEvidence, you'll be a key architect and driver in securing the mission-critical infrastructure powering our medical AI platform used by healthcare providers worldwide. This role combines exceptional technical scope with direct impact, focusing on the security posture, compliance integrity, and resilience of our entire production ecosystem. You'll join our talented backend team in architecting and hardening our infrastructure, applying defense-in-depth principles to reduce attack surface, improve security observability, and establish robust security controls across our services and data platforms handling sensitive medical data. You will have significant autonomy to make architectural decisions and drive initiatives across cloud security, identity and access management, compliance automation, and secure data pipelines at scale. We're looking for a security expert who thrives in a focused startup environment where technical rigor meets rapid iteration. You'll work directly with engineering leadership to translate security and compliance requirements into technical solutions that enable rather than impede development velocity. The ideal candidate has a proven track record of securing production systems in regulated environments, thinks deeply about threat modeling and risk management, and is energized by the challenge of building healthcare infrastructure that must be both highly innovative and demonstrably secure.
Responsibilities
Own and operate CSPM tooling to continuously monitor and remediate misconfigurations, vulnerabilities, and compliance violations across Google Cloud infrastructure
Manage technical implementation of HIPAA and SOC 2 Type II security controls, including automation, evidence collection, and audit readiness
Configure and maintain WAF and DDoS protection for customer-facing applications, including rule tuning and incident response
Monitor authentication systems to detect and respond to anomalous access patterns
Improve enterprise identity and access management including SSO/SCIM integrations using Google Workspace as the primary IdP
Administer endpoint security including device management, EDR solutions (CrowdStrike), and security monitoring agents
Candidate Qualifications
B.S. or higher in computer science or related major
4+ years of security engineering experience with focus on cloud infrastructure or platform security
Motivation and ability to operate independently in a fast-paced startup environment
Capability to manage risk, make decisions under ambiguity, and balance security with business velocity
Proficiency in scripting/programming for security automation and tooling
Hands-on experience with cloud security including IAM, secrets management, network controls, and security monitoring
Moderate proficiency with Google Cloud or high proficiency with AWS/Azure, including container and serverless security
Experience implementing security compliance frameworks (SOC 2, HIPAA, ISO 27001) in production environments
Familiarity with authentication protocols (OAuth 2.0, SAML, OIDC) and identity providers (Auth0, Okta, Google Workspace)
Understanding of web application security including OWASP Top 10, WAF configurations, and common attack vectors
Locations:
Miami, FL (on-site)
San Francisco, CA (on-site)
Remote, US + on-site 4-6x per year