Position Summary:Do you freak out with excitement over the latest new hardware and software? Think you have what it takes to keep a growing software company thrumming like a nuclear submarine?
Incredible Health is looking for a fantastic IT/Security Engineer to own our IT and security practice through the next phase of our growth. This is a true owner's role. We have a mature security program with a SOC 2 Type 2 under its belt, so you're not starting from zero - but you'll be our only IT and security person, responsible for the whole thing: running it, sharpening it, and keeping our hospital partners confident that their trust is well placed. You'll be the go-to master of IT and security that our company relies on!
This role is 100% remote and can be located in the following states:
Alabama, Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, West Virginia
Usual days include:- Owning our compliance program end to end: driving our annual SOC 2 Type 2 audits from evidence collection through auditor walkthroughs, and running Vanta as our governance home base year-round.
- Completing security questionnaires, addendums, and AI risk assessments for the IT and security teams at our hospital clients - and making sure they're doing the right thing. (Health systems ask great, hard questions. You'll have great answers.)
- Running real BCDR tests and treating them like live incidents to find the gaps before the gaps find us.
- Coordinating annual pen tests and driving remediation of findings within SLA.
- Managing security across our stack: AWS, Heroku, Cloudflare, Google Workspace, GitHub, and our communication tools.
- Administering our laptop fleet for a fully remote team - imaging, shipping, MDM enrollment, inventory, and end-of-life - so every machine is encrypted, managed, and remotely wipeable.
- Running access reviews and enforcing least privilege: pruning admin lists, enforcing SSO and 2FA, and tuning password policies.
- Ensuring new employees get access to everything they need on day one, and departing ones are locked out the same day - partnering with HR and Finance on a tight onboarding/offboarding loop through Rippling and Google.
- Evaluating and securing AI tooling - from how our team uses Claude and MCP servers to partnering with engineering on customer questions about AI risk, bias testing, and model governance. This is a fast-moving frontier and you'll be our guide.
- Doing vendor management and procurement reviews, and finding savings while you're at it.
- Staying on top of the rapidly evolving AI threat landscape and adapting our defenses and team training as fast as the attackers adapt theirs.
- Playing professor and educating our team on everything security.
- Advising leadership on security matters during project planning, and working with our full stack engineers to ship improvements you identify.
- Being the savior in the event of a security incident - leading response, analysis, and the write-up afterward.
- Supporting co-workers when they manage to put their computers in a bad place. (They should enjoy talking to you, and you to them!)
Unusual days include:- Playing online team games until the wee hours of the afternoon
- Enjoying team trivia, magic shows, and team game nights!
- Meeting up with your awesome coworkers at one of our off-sites.
You might be the one we're looking for if:- You've already been doing this kind of thing for at least five years.
- You've owned a SOC 2 Type 2 audit cycle yourself - wrangled the evidence, sat with the auditors, and come out the other side with a clean report.
- Cloud security is one of your strong suits. Extra points if you've locked down AWS before, and double extra if you've herded Cloudflare too.
- You've deployed and administered tools for all the big acronyms: IAM, EDR/XDR, SIEM, CSPM, MDM, and GRC platforms like Vanta.
- You've answered security questionnaires from large enterprise or healthcare customers and know how to turn a 200-row spreadsheet into a closed deal.
- You have informed opinions about AI security - securing internal AI tools, evaluating AI vendors, and translating technical AI work into answers enterprise customers trust.
- You have scaled security to fight off the ever-increasing phishers and breachers in a fast and high-tech environment.