Member of Technical Staff, Security

Mandolin


Job Location:

San Francisco, CA - USA

Monthly Salary: $ 160 - 270
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

About Mandolin

Nearly every disease will become treatable in our lifetimes. Mandolin is laying the clinical and financial infrastructure to get groundbreaking treatments to patients faster, powered by AI agents.

Mandolin partners closely with the largest healthcare institutions in the US, covering more than $10B of drug spend across the country. We're backed by Greylock, SV Angel, Maverick, SignalFire and the founders of Vercel, Decagon and Yahoo.

Why we need you

Mandolin's usage is climbing quickly and we're preparing for a broad public launch. The platform must deliver enterprise-grade reliability, airtight security and effortless developer productivity while processing sensitive healthcare data. We're looking for a DevSecOps leader who can build and operate a rock-solid cloud foundation, then codify the best-practice guardrails that every engineer will rely on as we scale.

The Role

We're looking for a senior security practitioner to own the security posture of our cloud infrastructure and software delivery lifecycle.

This isn't just a compliance-checklist role; it's a builder's role.

You will design and support the zero-trust foundation, embed security tooling into our developer workflows, and lead proactive threat detection efforts while ensuring our platform on Public Cloud scales safely and efficiently.

What you'll do

  • Architect Zero-Trust Infrastructure on Public Cloud: Design and own resilient cloud infrastructure using Pulumi. Establish strict Zero Trust Networking (ZTN) principles and enforce service-to-service authentication with mTLS. Define autoscaling policies and HA networking for Kubernetes (GKE) and serverless workloads that balance security and cost efficiency.

  • Lead Proactive Security & Threat Hunting: Go beyond scanning. Implement threat hunting strategies across our code repositories and CI/CD pipelines. Deploy, tune and operationalize a SIEM to correlate events across cloud logs, Kubernetes audit trails and application telemetry.

  • Secure the SDLC & Developer Experience: Own the security toolchain from commit to deploy. Integrate SAST, dependency scanning and container image scanning (OWASP-aligned) directly into GitHub Workflows and ArgoCD rollouts. Help developers move fast without breaking things by providing secure golden-path runbooks and dev-containers.

  • Governance, Compliance & Secrets Lifecycle: Drive the technical implementation for SOC 2 and HIPAA compliance. Centralize secrets management and enforce automated certificate rotation. Implement IaC compliance checks to prevent misconfigurations before they reach production.

  • Operationalize Observability & Incident Response: Maintain observability pipelines (Prometheus/Grafana/Cloud Logging) with an eye toward security signal-to-noise. Define actionable SLOs for security controls and lead incident response playbooks for cloud-native threats.

  • Cross-Functional Security Leadership: Partner with backend teams to review architecture for security flaws and scalability. Be the subject matter expert for internal developer platform security.

Must-have experience

  • 8 years in Security Engineering, DevOps or Site Reliability with a deep security focus.

  • GCP Security Mastery: Deep hands-on experience securing public cloud environments, especially Cloud Run, GKE, IAM and VPC Service Controls.

  • Zero-Trust & mTLS: Proven experience implementing a service mesh or mTLS encryption between services in a containerized environment.

  • Proactive Defense: Experience conducting proactive threat hunting in codebases and CI logs, not just reacting to scanner alerts.

  • SIEM & Detection Engineering: Experience deploying and managing a SIEM platform in a cloud-native environment.

  • IaC & GitOps Security: Expert-level proficiency in Pulumi (preferred) or Terraform, paired with strong operational knowledge of ArgoCD/Argo Workflows.

  • Application Security Fundamentals: Strong background in the OWASP Top 10, dependency confusion prevention and container image hardening.

  • Compliance & Cert Management: Working knowledge of SOC 2 and HIPAA technical controls, and a deep understanding of automated secret and certificate rotation strategies.

Nice-to-haves

  • Experience with workflow orchestration platforms (Temporal, Cadence, Airflow).

  • Experience building internal developer platforms or developer portals (Backstage, etc.).

  • Familiarity with Workload Identity Federation and policy-as-code (OPA/Gatekeeper).

Compensation Philosophy

Compensation for this position will include a base salary, equity and a variety of comprehensive benefits. The U.S. base salary range for this role is $160,000 - $270,000. Actual base salaries will be based on candidate-specific factors including experience, skillset and location, and on local minimum pay requirements as applicable.

Benefits & Perks

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

  • Free lunch in the office daily, & dinner if you're in the office past 7PM

  • Comprehensive health, dental & vision insurance for you and your family

  • Life insurance

  • 10 company holidays

  • Take-what-you-need PTO

  • 4% 401k matching

  • $300/month company-sponsored commuter benefits

  • State of the art gym in the office

  • And more!

Please note: the above benefits & perks are for full-time employees.


About Company


Streamline your infusion center operations with Mandolin. Our AI workers handle back-office tasks within your EHR, leveraging millions of buy-and-bill datapoints to ensure peak efficiency. Focus on delivering life-changing therapies, not paperwork.
