Senior IT/Security Engineer (AI-native)

Incredible Health

$120K — $150K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in IT and security roles
  • Proven ownership of SOC 2 Type 2 audit cycles
  • Strong expertise in cloud security, especially AWS and Cloudflare
  • Experience in deploying and administering security tools like IAM, EDR, and SIEM
  • Proficiency in handling security questionnaires for enterprise or healthcare clients
  • Current knowledge of AI security practices and risk assessments
  • Demonstrated ability to adapt security strategies in fast-paced environments

Responsibilities

  • Own and drive the compliance program for SOC 2 Type 2 audits
  • Complete security questionnaires and risk assessments for hospital clients
  • Conduct business continuity and disaster recovery tests
  • Coordinate annual penetration tests and manage remediation efforts
  • Manage security across a tech stack including AWS, Heroku, and Google Workspace
  • Administer and manage company laptop fleet for remote employees
  • Review access permissions and enforce security policies effectively
  • Guide and educate the team on security matters
  • Lead the response and recovery efforts for security incidents
  • Evaluate and secure AI tooling in partnership with engineering

Benefits

  • Fully remote work arrangement
  • Opportunity for growth in a mature security program
  • Dynamic and engaging team culture with team building activities
  • Access to cutting-edge technology and tools
  • Participate in shaping security practices as the sole person in this position
Full Job Description
Position Summary:

Do you freak out with excitement over the latest new hardware and software? Think you have what it takes to keep a growing software company thrumming like a nuclear submarine?

Incredible Health is looking for a fantastic IT/Security Engineer to own our IT and security practice through the next phase of our growth. This is a true owner's role. We have a mature security program with a SOC 2 Type 2 under its belt, so you're not starting from zero - but you'll be our only IT and security person, responsible for the whole thing: running it, sharpening it, and keeping our hospital partners confident that their trust is well placed. You'll be the go-to master of IT and security that our company relies on!

This role is 100% remote and can be located in the following states:

Alabama, Arizona, California, Colorado, Connecticut, District of Columbia, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, West Virginia

Usual days include:
  • Owning our compliance program end to end: driving our annual SOC 2 Type 2 audits from evidence collection through auditor walkthroughs, and running Vanta as our governance home base year-round.
  • Completing security questionnaires, addendums, and AI risk assessments for the IT and security teams at our hospital clients - and making sure they're doing the right thing. (Health systems ask great, hard questions. You'll have great answers.)
  • Running real BCDR tests and treating them like live incidents to find the gaps before the gaps find us.
  • Coordinating annual pen tests and driving remediation of findings within SLA.
  • Managing security across our stack: AWS, Heroku, Cloudflare, Google Workspace, GitHub, and our communication tools.
  • Administering our laptop fleet for a fully remote team - imaging, shipping, MDM enrollment, inventory, and end-of-life - so every machine is encrypted, managed, and remotely wipeable.
  • Running access reviews and enforcing least privilege: pruning admin lists, enforcing SSO and 2FA, and tuning password policies.
  • Ensuring new employees get access to everything they need on day one, and departing ones are locked out the same day - partnering with HR and Finance on a tight onboarding/offboarding loop through Rippling and Google.
  • Evaluating and securing AI tooling - from how our team uses Claude and MCP servers to partnering with engineering on customer questions about AI risk, bias testing, and model governance. This is a fast-moving frontier and you'll be our guide.
  • Doing vendor management and procurement reviews, and finding savings while you're at it.
  • Staying on top of the rapidly evolving AI threat landscape and adapting our defenses and team training as fast as the attackers adapt theirs.
  • Playing professor and educating our team on everything security.
  • Advising leadership on security matters during project planning, and working with our full stack engineers to ship improvements you identify.
  • Being the savior in the event of a security incident - leading response, analysis, and the write-up afterward.
  • Supporting co-workers when they manage to put their computers in a bad place. (They should enjoy talking to you, and you to them!)
Unusual days include:
  • Playing online team games until the wee hours of the afternoon
  • Enjoying team trivia, magic shows, and team game nights!
  • Meeting up with your awesome coworkers at one of our off-sites.
You might be the one we're looking for if:
  • You've already been doing this kind of thing for at least five years.
  • You've owned a SOC 2 Type 2 audit cycle yourself - wrangled the evidence, sat with the auditors, and come out the other side with a clean report.
  • Cloud security is one of your strong suits. Extra points if you've locked down AWS before, and double extra if you've herded Cloudflare too.
  • You've deployed and administered tools for all the big acronyms: IAM, EDR/XDR, SIEM, CSPM, MDM, and GRC platforms like Vanta.
  • You've answered security questionnaires from large enterprise or healthcare customers and know how to turn a 200-row spreadsheet into a closed deal.
  • You have informed opinions about AI security - securing internal AI tools, evaluating AI vendors, and translating technical AI work into answers enterprise customers trust.
  • You have scaled security to fight off the ever-increasing phishers and breachers in a fast and high-tech environment.

Similar Jobs

More Jobs at Incredible Health

More Information Technology Jobs

Find similar Senior IT/Security Engineer (AI-native) jobs: