Principal Security Engineer

Curative HR LLC

$130K — $180K *
Healthcare
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in security engineering focusing on technical leadership
  • Hands-on experience with SIEM tools like DataDog or ELK
  • Deep knowledge of AWS security and IAM best practices
  • Understanding of application security principles including threat modeling and secure SDLC
  • Experience with AI/LLM APIs and awareness of associated security risks
  • Proficient in EDR, DLP, and vulnerability management techniques
  • Familiarity with container security and Kubernetes deployment

Responsibilities

  • Own engineering for Detection and Response platforms and onboard all relevant log sources
  • Build and manage SOAR tools to enhance response efficiency
  • Lead incident response efforts for complex threats and drive improvements post-incident
  • Integrate security into SDLC through comprehensive threat modeling and security reviews
  • Manage the vulnerability program and oversee remediation efforts
  • Develop AI-based security tools for threat detection and automated responses
  • Ensure AWS security posture compliance and manage IAM architecture

Benefits

  • 100% employer-covered medical premiums with comprehensive coverage options
  • $0 copays and deductibles with certain conditions met
  • Extensive mental health support resources available
  • Generous PTO policy accompanied by 11 paid holidays
  • Flexible spending accounts and 401K options for employees
  • Up to 12 weeks paid parental leave based on eligibility requirements
  • Comprehensive dental and vision coverage
Full Job Description
Role Overview

We're looking for a Principal Security Engineer to own our security engineering function end-to-end from defining platform strategy to hands-on implementation. This is a technical leadership role: you'll set the bar for how security is built and operated across our infrastructure, applications, and AI systems, and actively grow the engineers around you.

This team moves fast, and you should be excited about interacting with a wide variety of stakeholders. The right fit for this role has a strong interest in building tools, is comfortable working with new technologies, and has a strong sense of enabling business operations through secure designs. This role will be to design, deploy and maintain all tooling that supports Security Operations

Finally it's important to us that everyone on our team be prepared to work with and supportive of a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect, we know that it's only together that we achieve truly great things.

This is a remote position

Key Responsibilities

Detection, Response & Visibility

  • Own strategy and hands-on engineering for Detection and Response platforms; identify, onboard, and normalize all log sources including cloud, containers, endpoints, and SaaS
  • Build and maintain Security Orchestration, Automation, and Response (SOAR) tooling to reduce response time and analyst toil
  • Lead incident response for complex threats including developing runbooks, driving post- incident improvements, and designing/running BCP/DR tabletop exercises.

Application Security

  • Embed security into the SDLC: threat modeling, secure design reviews, SAST/DAST tooling, and automated security gates in CI/CD pipelines
  • Own the vulnerability management program at host and application levels; track and drive remediation
  • Champion "security as code" practices across engineering teams

AI & Security

  • Build AI-powered security tooling: threat detection and anomaly identification at appropriate confidence thresholds, automated triage and remediation workflows, and AI-assisted post- mortem summarization
  • Define and implement the security model for LLM-based systems and internal AI tooling
  • Architect harness patterns to constrain LLM behavior and harden against prompt injection, indirect injection via RAG pipelines, and data exfiltration via model outputs
  • Evaluate and govern AI tool adoption from a security and data-risk perspective

Infrastructure & Platform Security

  • Own AWS security posture and enforce baselines across Linux/Windows, network devices, and enterprise SaaS (M365, Google Workspace, Azure)
  • Engineer, configure, and operate EDR, DLP, and endpoint security programs
  • Provide IAM architecture expertise across identity and access systems

Leadership & Mentorship

  • Mentor and actively develop junior and mid-level security engineers through design reviews, pairing, and direct feedback. Growing team capability is a core expectation of this role
  • Define and drive security engineering standards across the organization
  • Collaborate closely with IT operations, platform, and software to translate threat intelligence into detection and hardening priorities


Education

Bachelor's degree in a related field or equivalent experience.

Qualifications

  • 8+ years in security engineering with demonstrated growth into technical leadership
  • Hands-on SIEM experience (DataDog, ELK, or equivalent)
  • Deep AWS security and IAM expertise
  • Application security fundamentals: threat modeling, SAST/DAST, secure SDLC
  • Experience building with AI/LLM APIs and practical knowledge of LLM security risks
  • EDR, DLP, and vulnerability management experience
  • Experience with containerized workloads and Kubernetes security
  • Proven track record of mentoring engineers and raising team capability

Nice to Have

  • CISSP, GIAC, or OSCP certification
  • MITRE ATT&CK knowledge applied to detection engineering
  • "Security as code" experience (OPA, Checkov, tfsec, or similar)
  • Data science or anomaly detection skills applied to security telemetry
  • Healthcare industry background (HIPAA, HITRUST)
  • Experience with the following tools/technologies: Kubernetes/EKS, Terraform/Terragrunt, Atlantis, Cloudflare, Buildkite, Wiz, Semgrep, EscapeTech, GitHub Advanced Security, Datadog, HashiCorp Vault, N8N, Snowflake, Linear


Perks & Benefits

  • Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan.)

    • $0 copays and $0 deductibles (with completion of our Baseline Visit )
    • Preventive and primary care built in
    • Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged)
    • One-on-one care navigation
    • Chronic condition programs (diabetes, weight, hypertension)
    • Maternity and family planning support
    • 24/7/365 Curative Telehealth
    • Pharmacy benefits
  • Comprehensive dental and vision coverage
  • Employer-provided life and disability coverage with additional supplemental options
  • Flexible spending accounts
  • Generous PTO policy plus 11 paid annual company holidays
  • 401K for full-time employees
  • Generous Up to 8-12 weeks paid parental leave, based on role eligibility.

Similar Jobs

More Jobs at Curative HR LLC

More Healthcare Jobs

Find similar Principal Security Engineer jobs: