Bayesian Health is looking for a Senior SecOps Engineer to lead security infrastructure and operations as our first dedicated security hire. In this role, you will implement modern security practices, shape the security roadmap, and contribute to a platform that improves patient outcomes. You’ll own security operations from the ground up, including preparing for HITRUST r2 certification and supporting FDA compliance.
What You'll Do
- Design and implement infrastructure protections across cloud and endpoint environments, including AWS security tooling, Google Workspace, and laptop MDM.
- Lead the HITRUST r2 certification project and ensure ongoing compliance with FDA medical device cybersecurity requirements.
- Build and maintain automated audits to validate IAM policies, VPN configurations, infrastructure settings, and PHI data access.
- Collaborate with engineers to protect production and critical internal systems using tools such as rate limiting, autoscaling, and anomaly detection.
- Work with technical management to encourage secure SDLC practices (e.g., secrets management and CI/CD hardening).
- Configure and operate runtime alerting for suspicious behavior using tools like Datadog and Nightfall, and respond to potential threats.
- Own the vulnerability management lifecycle—coordinating penetration tests, configuring automated scans, triaging findings, coordinating reviews, and driving timely remediation.
- Maintain and evolve internal security policies and lead IT/security onboarding, training, offboarding, and endpoint protection.
- Communicate with health system clients and internal teams about security practices, and review security implications of new integrations and deployments.
- Develop threat models and perform and maintain security risk assessments to identify weaknesses in company systems.
- Coordinate with development teams and Regulatory/Quality teams to implement security controls that reduce risk, improve security and maintain agility and usability.
What We're Looking For
- 5+ years of experience in security operations, infrastructure security, or cloud security roles.
- Deep familiarity with AWS security tooling and cloud networking.
- Hands-on experience with endpoint management tools and security automation.
- Experience conducting or supporting audits for HITRUST, SOC 2, or similar frameworks.
- Deep understanding of securing sensitive healthcare data (PHI/PII) in cloud environments.
- Excellent written and verbal communication skills.
- Excited to work in a fast-paced, remote-first startup.
Nice to Have
- Experience securing systems in healthcare, life sciences, or similarly regulated industries.
- Familiarity with HIPAA, HITECH, and HITRUST frameworks.
- Experience with FDA cybersecurity guidance or medical device security standards (e.g. premarket guidance, postmarket management).
- Knowledge of AAMI TIR-57, IEC 81001-5-1 or other Medical Product Security Standards.
- Experience implementing SIEM or XDR solutions (e.g., Datadog, Splunk, Sentinel).
- Track record of setting up scalable, automated security operations in a highly sensitive security environment.
Technical Stack
- AWS
- Google Workspace
- MDM
- Datadog
- Nightfall
Team & Environment
You’ll join a diverse team of clinicians, engineers, machine learning experts, product designers, and performance improvement leaders. We are committed to enabling smarter, patient-specific care delivery through unlocking the power of data.
Work Mode
This is a remote-first position.
Bayesian Health, Inc. is an equal opportunity employer.
