Staff Security Engineer

Synthesis Health

Who We Are

We're a mission- and values-driven company with tremendous dedication to our customers. Our 100% remote team is dedicated to a common goal – to revolutionize healthcare through innovation, collaboration, and commitment to our core values and behaviors.

About the Opportunity

We are looking for a Staff Security Engineer to serve as our primary identity architect and the external face of our security posture.

In this pivotal role, you will own the entire landscape of identity management across our platform—from the token infrastructure that powers our internal APIs to the federation standards (SAML, OIDC) that connect us to the world. You will architect the backend and serve as the technical authority who gets in front of enterprise customers to instill absolute confidence.

You will lead high-stakes technical conversations with hospital CISOs and Identity Architects, demonstrating that our SSO, token lifecycle management, and federation capabilities are compliant and world-class. You will prove the feasibility of complex integrations on the spot, dismantling objections with deep technical credibility.

While Identity is your primary mission, you will also lead the automation of our compliance posture, moving us toward "Compliance as Code" and ensuring our platform remains audit-ready in real-time.

Key Responsibilities

Holistic Identity & Token Architecture

• Own the Complete Identity Stack: You will architect the end-to-end identity strategy for the platform. This includes the token management infrastructure (minting, validation, rotation, revocation), session handling, and the rigorous implementation of identity standards (OIDC, SAML 2.0, OAuth 2.0).
• Enterprise Technical Partnership: You will serve as the primary technical voice for Identity during critical pre-sales and onboarding conversations. You will lead technical deep dives with customer security teams, translating their complex legacy requirements into modern, secure integration patterns.
• Frictionless Federation: You will build the architecture for seamless hospital onboarding, automating the provisioning of users via upstream identity signals (SCIM, JIT provisioning) while ensuring Zero Trust principles are maintained.

Automated Compliance & Governance

• Compliance as Code: You will automate the evidence collection and enforcement of our compliance controls (ISO 27001, SOC2, HIPAA). You will build tooling that continuously monitors our cloud environment (GCP) for drift and auto-remediates violations.
• Audit Leadership: You will serve as the technical lead for external security audits, translating complex auditor requirements into engineering tasks and demonstrating our security posture through automated proofs.

Platform Security & DevSecOps

• Secure Software Supply Chain: You will secure our CI/CD pipelines, implementing signing (Sigstore/Cosign), vulnerability scanning (SBOM), and secrets management strategies.
• Mentorship & Culture: You will elevate the security consciousness of the organization. You will mentor engineers on common vulnerability patterns (OWASP Top 10) and lead threat modeling sessions for critical new features.

What We're Looking For

• Deep Identity Experience: 8+ years of security engineering experience, with a specialized focus on Identity and Access Management (IAM). You are an expert in the mechanics of token infrastructure (JWTs, JWKS, refresh tokens) and B2B federation.
• Customer-Facing Technical Credibility: You have the presence and depth to lead high-stakes technical meetings. You can effectively communicate complex security architectures to external CISOs and architects, establishing immediate trust and authority.
• Compliance Automation: You have successfully automated compliance frameworks (SOC2 Type II, ISO 27001, HIPAA) in a cloud-native environment. You treat compliance as an engineering problem.
• Cloud Security Mastery: Deep hands-on experience securing Google Cloud Platform (GCP) or AWS. You understand IAM roles, VPC Service Controls, and organization-level policies.
• Application Security: You can read and write code (Go, Python, TypeScript). You can perform code reviews, identify complex logic flaws, and write custom security tooling.

Preferred Qualifications

• Healthcare Experience: Experience handling PHI (Protected Health Information) and understanding the specific security requirements of the HIPAA Security Rule.
• Certifications: CISSP, CCSP, or Google Professional Cloud Security Engineer (valued, but experience trumps paper).

Why You Should Join Us

• Solve Our Toughest Puzzles: This is a high-leverage role. You will be working on the most impactful technical challenges that are critical to the company's success.
• Define the Architecture: You won't just be maintaining a system; you will be a primary author of its future state, with the autonomy to make it happen.
• Lead from the Front: This is a chance to establish yourself as a key technical voice in a rapidly growing company.
• Competitive Compensation & Benefits: We offer a strong salary, a 100% remote culture, and significant opportunities for growth.

We are a values-driven company. Our values:

• Clinical service first.
• Collaborate with our customers.
• Listen, respect, learn.
• Innovate to excel.

The behaviors we look for:

• Be nice.
• Be creative.
• Be honest.
• Be helpful.

Compensation and Benefits

Typical salary range for this position is $150,000 - $180,000. However, Synthesis participates in location based hiring and salary ranges can be adjusted based on candidate's residence.

Other benefits include, but are not limited to: Medical, Dental, Vision, "Use as needed" vacation policy, and participation in our employee option program.

Synthesis Health is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by federal, state, or local law.