The RoleAs Director of Security & IT at Overjet, you will be the owner of our security and technology operations - leading the charge to protect the category creating AI platform in dental health, where data integrity and patient privacy are mission-critical. You'll set the strategic vision and own execution across our modern, cloud-native stack on GCP, containerized with Docker, deployed via CI/CD pipelines, and spanning Python, Node.js, and Go services - while also overseeing the IT infrastructure and operations that keep Overjet running day to day.
This is a high-impact leadership role at the intersection of strategy and execution. You'll over time build and manage a team of security engineers and IT professionals, partnering closely with Engineering, Product, Legal, and Compliance to embed security and operational excellence throughout the organization - not as an afterthought, but as a competitive advantage.
Responsibilities Security Leadership
- Define and own Overjet's security strategy, roadmap, and risk posture across the full SDLC - spanning hardened Docker image policies, secrets management via GCP Secret Manager, dependency locking, and secure CI/CD pipeline configuration in Google Cloud Build
- Lead the company's vulnerability management program - overseeing triage of findings from container scanning, SAST/DAST tooling, and dependency audits across Python, Node.js, and Go services
- Serve as the owner of HIPAA compliance from a technical and operational standpoint, including access control reviews, audit logging, encryption at rest and in transit, and BAA management
- Partner with Engineering and Product leadership to integrate threat modeling and security design reviews into the product development lifecycle
- Build and mature Overjet's detection and response capabilities - establishing alerting thresholds, incident response playbooks, and runbooks appropriate for a cloud-native environment
- Oversee security automation strategy, including pre-commit hooks, CI secret scanning (e.g. Trufflehog, detect-secrets), and policy-as-code initiatives
- Champion a security-first culture company-wide through developer enablement programs, training, and pragmatic guidance that helps teams ship fast without cutting corners
- Own and evolve Overjet's IT infrastructure, operations, and support functions - ensuring reliability, scalability, and security across all internal systems and endpoints
- Manage IT procurement, vendor relationships, and lifecycle management for hardware, software, and SaaS tooling
- Oversee identity and access management across corporate systems, including SSO, MDM, and endpoint security
- Establish and enforce IT policies, acceptable use standards, and onboarding/offboarding procedures
- Drive operational maturity across the IT function - building ticketing workflows, SLAs, and escalation paths that scale with the company
- Serve as the point of contact for internal and external audits, penetration tests, and compliance assessments (SOC 2, HIPAA, and beyond)
- Translate technical risk into clear business impact for executive and board-level stakeholders
- Develop and manage the Security and IT budget, balancing investment across tooling, headcount, and vendor partnerships
Qualifications - 8+ years of experience in security engineering or IT, with at least 3 years in a leadership role managing teams in a health tech, SaaS, or similarly regulated environment
- Proven ability to set strategic direction and drive execution across both security and IT functions
- Deep expertise in container security, GCP environments (IAM least-privilege design, VPC controls, GCP Secret Manager, Cloud Build hardening), and cloud-native architectures
- Strong command of HIPAA security requirements and a track record of translating compliance obligations into scalable engineering and operational controls
- Experience owning corporate IT operations, including MDM, endpoint management, SaaS administration, and IT support functions
- Proficiency in at least one language in our stack (Python, Node.js, or Go) and the ability to conduct meaningful security code reviews across all three
- Demonstrated experience building and scaling security programs - including secret scanning, dependency vulnerability management, and CI/CD security integration
- Exceptional communication skills - equally capable of presenting risk to the board, writing a security policy, and pairing with an engineer on a remediation
Why Overjet? - Competitive Compensation and Equity
- Hybrid workplace that provides flexibility, vibrant in-person workspaces, and the ability to build strong connections across all of Overjet - regardless of location
- 401k plans with a matching program
- Medical, Dental and Vision coverage: 99% employee premium covered, 75% dependent premium covered
- Life and AD+D Insurance
- 8 weeks Paid Parental Leave
- Optional HSA with Employer contribution
- Flexible Time Off and company paid holidays
- Annual Learning and Development Stipend
Our Hybrid WorkplaceWe have a unique hybrid workplace at Overjet - which combines the teamwork of meeting in person, with the flexibility of working from anywhere.
Many of our positions are based in San Mateo, New York City, Boston, Salt Lake City, and Lahore. The Jetsetters who live in these "geo-hubs" come to the office on Tuesdays and Wednesdays, while having the option to work from home the rest of the week.
Our People Team is happy to answer any questions about what hybrid work means for your specific role!
