The OpportunityJoin the team securing the platform that helps millions of people move beyond musculoskeletal pain. As Hinge Health's engineering organization embraces AI-assisted development - including AI-powered code generation, automated PR review workflows, agent sandboxing, and MCP gateway integrations - we need a
Lead Security Engineer who will build the security guardrails, tooling, and standards that ensure we ship with confidence. You'll sit at the critical intersection of
cloud security,
AI-enabled engineering, and
identity & access management, partnering closely with Application Security, SRE, and R&D Engineering to design and enforce security-by-design principles across our AWS environment, CI/CD pipelines, and developer tooling. This is your chance to make a real impact on the lives of millions by driving advancements in healthcare security - ensuring utmost compliance and privacy while enabling engineers to move fast and safely.
Who You Are- A Security-First Thinker: You instinctively design systems that are secure by default, and you know how to balance security rigor with engineering velocity.
- An AI-Savvy Engineer: You're energized (not intimidated) by the rapid adoption of AI-assisted development and see it as an opportunity to build novel security frameworks.
- A Trust Builder: You communicate effectively across engineering, compliance, and leadership teams - authoring clear, plain-spoken technical proposals that drive alignment.
- A Learn-it-all: You stay ahead of emerging threats and continuously evolve your approach - from adversarial ML to supply chain attacks on AI pipelines.
- A Leader at All Levels: You're hands-on in code and architecture, but you also mentor others and help the team self-organize around measurable outcomes.
Basic Qualifications- Bachelor's degree in a technical, engineering, or scientific field - or comparable education/experience
- 7+ years in cybersecurity, with 3+ years focused on security operations or IAM
- 5+ years of experience in cloud security operations, specifically AWS
- 3+ years of coding experience (e.g., Python, Go, or TypeScript) with hands-on experience developing Terraform and infrastructure-as-code
- Hands-on experience securing AI/ML systems, including data pipelines, model deployments, API integrations, and their security challenges
Preferred Qualifications- AWS Solutions Architect or Security Specialty certification
- AI/ML security certifications or familiarity with adversarial machine learning threats and mitigation strategies
- Experience building or integrating security controls into CI/CD pipelines and AI-assisted development workflows
- Experience managing an Enterprise IdP, especially Okta, with deep understanding of OAuth 2.0 and SAML
- SOC 2, PCI, or HIPAA audit/training certifications
- Knowledge of low-level networking principles
What You'll AccomplishIn your first 3 months:- Audit current cloud security posture and IAM architecture across our AWS environment; build relationships with key stakeholders in Application Security, SRE, and R&D Engineering.
- Assess existing AI-assisted development tooling (Claude Code, Cursor, MCP gateway) for security risks and begin developing a governance framework.
In your first 6 months:- Design and implement AI-driven tools and workflows to enhance security monitoring, threat detection, incident response, and IAM governance.
- Develop and enforce policies and protocols to protect AI tools and platforms from misuse, data breaches, and external threats - including secure agent sandboxing and MCP server governance.
- Deliver IAM solutions enabling secure, granular access controls that enforce least privilege principles, utilizing automation and AI for privilege escalation and approvals.
In your first year:- Own the security strategy for AI-enabled development and cloud infrastructure, acting as the primary subject matter expert for security engineering across the organization.
- Ensure all compliance regulations - including HIPAA, privacy, and relevant security frameworks - are met for new services, AI tooling, and infrastructure.
- Develop and drive cybersecurity initiatives related to incident response, threat intelligence, vulnerability management, and monitoring tools.
- Mentor team members in adopting new security tools and processes; educate the broader organization through knowledge-sharing sessions and author clear technical proposals with measurable security OKRs.
Learn more at hingehealth.com
What You'll Love About Us- Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.
- Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match.
- Modern life stipends: Manage your own learning and development.
Culture & Engagement 
