Principal Security Engineer

Candid Health

$240K — $310K *
Healthcare
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in security engineering
  • Proven track record of architecting secure systems
  • Deep understanding of sensitive, regulated datasets
  • Balancing pragmatism with security practices
  • Coding and architecting secure infrastructure-as-code capabilities

Responsibilities

  • Architect and guide the overall security landscape for Candid Health
  • Design and lead the transition towards an enterprise-grade security roadmap
  • Translate technical risks into strategic business priorities at the leadership level
  • Embed compliance into engineering processes using frameworks like HIPAA and SOC
  • Promote a security-first culture through training and collaboration across teams
  • Oversee vulnerability assessments and vendor evaluation for integrations

Benefits

  • Equity opportunities in a fast-growing health-tech platform
  • Collaborative and agile work environment
  • Minimal hierarchy with broad experience represented
  • Direct impact on company strategy and customer trust
  • Opportunity to shape security engineering culture from the ground up

Full Job Description
The Role

You will be the foundational technical pillar for security at Candid Health. As our first Principal Security Engineer, you won't just be managing a compliance checklist: you will architect, build, and scale the technical systems that protect our customers and their patients.

Operating as a high-influence individual contributor, you will partner directly with Engineering and Product leadership to ensure we ship features rapidly while maintaining an ironclad promise of data integrity. This is a role for a heavy-hitting technical leader who wants to set the security blueprint for a fast-growing health-tech platform.

What You'll Do
  • Architect and Guide the Security Landscape: Serve as the ultimate technical authority for security at Candid. While you won't be managing HR lines, you will set the technical bar, mentor engineers, and help scale a world-class security engineering culture.
  • Design the Enterprise-Grade Roadmap: Lead the technical transition from a foundational security posture to a best-in-class, resilient enterprise architecture capable of defending complex healthcare data workflows.
  • Drive Strategy at the Leadership Level: Act as the subject matter expert who translates complex technical risks into business priorities. You will partner with executive leadership to stack-rank risks and embed security directly into Candid's overarching business strategy.
  • Bake Trust & Compliance into the Architecture: Translate rigorous frameworks like HIPAA, SOC2, SOC1, PCI, and HITRUST into concrete engineering requirements. You will ensure compliance is a living, automated process built into our code and infra, and you'll regularly serve as the expert technical voice in the room with our largest enterprise customers.
  • Evangelize a "Secure-by-Design" Culture: Level up our 200+ employees. Through threat modeling, secure coding practices, and cross-functional collaboration, you will embed a security-first mindset across every team from engineering to legal.
  • Own Vulnerability & Vendor Deep Dives: Oversee third-party penetration testing, dissect vendor architectures before integration, and ensure our production environments undergo continuous automated and manual scrutiny.
Who You Are
  • An Elite Technical Leader: You have 10+ years of experience in security engineering, with a proven track record of architecting secure systems across complex technical surface areas in both startup and scaled enterprise environments.
  • A Practitioner, Not Just a Theorist: You have driven security outcomes at scale. You know how to balance pragmatism with bulletproof defense-in-depth, and you excel at navigating the technical trade-offs required in a fast-moving engineering organization.
  • A Security Expert: You possess a deep, native understanding of sensitive, highly regulated datasets and the unique, high-stakes challenges of handling protected critical information.
  • A Force Multiplier: You know how to code, architect, and influence. You are equally comfortable writing secure infrastructure-as-code, threat-modeling a distributed system, or standing in front of an enterprise customer's CISO to defend Candid's security posture.

Pay Transparency
The estimated starting annual salary range for this position is $240,000 - $310,000 USD. The listed range is a guideline from Pave data, and the actual base salary may be modified based on factors including job-related skills, experience/qualifications, interview performance, market data, etc. Total compensation for this position may also include equity, sales incentives (for sales roles), and employee benefits. Given Candid Health's funding and size, we heavily value the potential upside from equity in our compensation package. Further note that Candid Health has minimal hierarchy and titles, but has broad ranges of experience represented within roles.
