Lead Member of Technical Staff- Platform Security Engineer

Join us as we work to create a thriving ecosystem that delivers accessible high-quality and sustainable healthcare for all.

Were seeking a Platform Security Engineer to join our Security team and build the future of developer-centric security at athenahealth. Youll design and implement security platforms that integrate seamlessly into developer workflows creating automation frameworks and self-service tooling that enable engineering teams to ship secure code faster. Your mission: eliminate security friction while strengthening our DevSecOps posture across the organization.

What we need for this role:

You are a platform security engineer who builds security solutions that integrate seamlessly into developer workflows. You identify friction points in the development process and create automation frameworks and self-service tooling that enable teams to ship secure code faster. With strong software engineering skills and security expertise you design scalable platforms that balance security requirements with development usability. You have experience with API integration CI/CD security and translating complex security concepts. You measure success through adoption rates and reduced friction and you communicate effectively across technical and business audiences to drive security outcomes without compromising productivity.

Responsibilities may include but are not limited to:

Technical Responsibilities

Design and build security capabilities that provide self-service features for developers including security testing APIs automated policy enforcement and security-as-code solutions

Develop seamless integrations between security tools and developer workflows ensuring security checks are embedded in CI/CD pipelines IDEs pull request workflows and deployment processes

Champion security tools such as static code analysis dynamic code analysis scanning of sensitive information; ensure teams know about tooling and use it during their daily coding activities

Ability to debug complex problems work through logs and engage vendors where appropriate

Willingness and ability to develop strong documentation for stakeholders and team members including thoroughly commented code/scripts and accurate design specifications

Automate integrations and notifications with systems such as internal bug tracking systems to ensure results are documented and shared with necessary stakeholders

Ensure tooling is designed for high availability and redundancy.

Act as an escalation point and participate in on-call rotations where required.

Understand and follow coding conventions architectures and best practices

Perform peer code reviews to ensure quality standards

Collaboration and Leadership

Ownership of commitments take responsibility for outcomes and drive initiatives to completion

Participate and contribute to scrum meetings i.e. daily stand-up sprint planning readouts and retrospectives

Drive self-organization; help determine how the team functions in collaboration with your peers

Partner with Product to establish feedback mechanisms to understand pain points gather requirements and validate that security solutions are meeting their needs without creating bottlenecks

Work collaboratively across the Technology and Product organizations to ensure alignment towards business goals

Builds strong relationships with cross-functional team members

Share business and technical learnings with the broader engineering and product organization while adapting approach for different audiences

Education & Experience Required:

10-15 years of software engineering experience with a focus on security tooling automation or platform development

Bachelors degree in Computer Science Engineering or equivalent practical experience

Information Security expertise including application security secure development lifecycle threat modeling vulnerability management and risk assessment

Modern programming proficiency in languages such as Python Java Groovy JavaScript or similar (polyglot experience preferred)

Desired Qualifications:

CI/CD and DevSecOps experience including pipeline security container security (Docker/Kubernetes) and infrastructure as code (Terraform)

Security tooling experience with SAST DAST SCA CNAPP or similar application security platforms

Cloud architecture knowledge with AWS and/or Azure including cloud-native security patterns

Container management experience with Docker and Kubernetes

Agile development experience working in cross-functional teams

Authored production-quality code that is performant scalable maintainable and well-documented