Security Engineer (Digital Health)


Job Location: Pittsburgh, PA - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Security Engineer (Digital Health)

Role Overview

As a HIPAA-compliant and SOC2 audited digital health company, security and privacy are baked into everything we do. We have solid systems in place and are ready to expand dedicated coverage for this critical work. This is a multi-faceted role spanning IT operations, device security, compliance, and cloud infrastructure - and we're looking for someone who covers as many areas as possible, even if not every one at depth.

We're an AI-first team. That means we work to amplify our capabilities with the best tools available, and we fully expect you to not only use AI in your work but to help us build systems and workflows that use AI to support you as much as possible. If you want to lean into AI-supported IT security and cloud operations, this is a great fit.

Key Responsibilities:

IT Device Security & SSO

  • Manage device security, MDM policies, and authentication for a fully remote team.

  • Administer and maintain our JumpCloud, Hexnode, CrowdStrike, and Auth0 environments.

  • Ensure devices have appropriate policies applied and assist staff with device-related issues.

  • Configure and maintain SSO connections for vendor products and services.

SOC2 Compliance & Vanta

  • Own the security side of our SOC2 compliance posture, managed year-round through Vanta.

  • Conduct access reviews, manage vendor integrations, and security reviews.

  • Ensure GitHub security rules are enforced and work with developers to resolve vulnerabilities as they arise.

  • Manage our annual penetration testing program and develop a proactive approach to web app and API security.

Security Questionnaires

  • Take ownership of completing customer security questionnaires from our Head of Compliance.

  • Set up AI tooling to make questionnaire completion both efficient and consistently accurate.

  • Maintain an up-to-date library of responses that reflects our current security posture.

Site-to-Site VPNs

  • Set up and maintain site-to-site VPN connections between our AWS VPCs and customer networks.

  • Troubleshoot connectivity issues and ensure reliable, secure network configurations.

AWS Operations

  • Support our AWS-native infrastructure and deployments across managed services.

  • Work with CDK, TypeScript, and GitHub Actions for infrastructure management and CI/CD pipelines.

  • Apply AWS best practices and actively contribute to the security posture of our cloud environment.

Qualifications:

Required:

  • 3 years of experience in IT security, cloud infrastructure, or a closely related role.

  • Hands-on experience with MDM and device management platforms (JumpCloud, Hexnode, or similar).

  • Experience with endpoint security tools such as CrowdStrike or equivalent.

  • Familiarity with identity and access management platforms (Auth0, Okta, or similar).

  • Working knowledge of SOC2 compliance frameworks and security controls.

  • Comfort with AWS services and cloud security fundamentals.

  • Clear written communication skills for documentation, questionnaires, and cross-team collaboration.

  • Proactive, self-directed approach, comfortable working independently in a fully remote environment.

Preferred:

  • Experience with Vanta or similar compliance automation platforms.

  • Background in HIPAA-regulated environments or digital health.

  • Experience completing or managing security questionnaires (SIG, CAIQ, VSAQ, etc.).

  • Networking fundamentals and VPN configuration experience (site-to-site, IPsec, BGP).

  • Experience with Infrastructure-as-Code (AWS CDK, CloudFormation, or Terraform).

  • Familiarity with GitHub security features: Dependabot, secret scanning, and branch protection rules.

  • Interest in AI-augmented workflows and enthusiasm for building AI-assisted tooling.

  • Penetration testing knowledge or experience managing third-party pen test engagements.

Success Metrics

  • SOC2 audit readiness maintained year-round with no critical findings.

  • Device policy compliance coverage across the full remote team.

  • Security vulnerability mean time-to-resolution tracked in Vanta and GitHub.

  • Customer security questionnaire turnaround time and accuracy.

  • VPN uptime and reliability across all active customer network connections.

Working at Neurotrack

  • Location: Remote (ideally in Pittsburgh US)

  • Schedule: Full-time

  • Travel: Minimal

  • Benefits: Comprehensive health coverage, equity options, unlimited PTO, and a wellness account.

At Neurotrack, you'll be part of a mission-driven team committed to improving lives through better brain health. You'll work with innovative technology, collaborate with passionate colleagues, and make a real impact on the security and reliability of a platform that matters.



Required Experience:

IC


Key Skills

  • Acting
  • Electrical Controls
  • Actuarial
  • Attorney
  • Drafting
  • Adobe Photoshop

About Company

See why health systems choose our clinically validated, FDA class II device for in office and remote cognitive screening.