Principal Security Engineer
Auto Import<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>About Curative</strong></span></p> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Curative is building the future of health insurance with a first-of-its-kind employer-based plan designed to remove financial barriers and make care truly accessible: one monthly premium with $0 copays and $0 deductibles*. Backed by our recent $150M in Series B funding and valuation at $1.275B, Curative is scaling rapidly and investing in AI-powered service, deeper member engagement, and a smart network designed for today’s workforce.</span></p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Our north star guides everything we do: healthcare only works when people can actually use it. That belief drives every decision we make: from how we design our plan, support our members, to how we collaborate as a team.</span></p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">If you want to do meaningful work with a team that moves fast, experiments boldly, and cares deeply, Curative is the place to do it. We’re growing fast and looking for teammates who want to help transform health insurance for the better.</span></p> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Role Overview</strong></span></p> <p><br><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">We're looking for a Principal Security Engineer to own our security engineering function end-to-end from defining platform strategy to hands-on implementation. This is a technical leadership role: you'll set the bar for how security is built and operated across our infrastructure, applications, and AI systems, and actively grow the engineers around you.</span></p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">This team moves fast, and you should be excited about interacting with a wide variety of stakeholders. The right fit for this role has a strong interest in building tools, is comfortable working with new technologies, and has a strong sense of enabling business operations through secure designs. This role will be to design, deploy and maintain all tooling that supports Security Operations</span></p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Finally it's important to us that everyone on our team be prepared to work with and supportive of a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect, we know that it's only together that we achieve truly great things.</span></p> <p><span style="font-family: 'times new roman', times, serif;">This is a remote position</span></p> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Key Responsibilities</strong></span></p> <p><span style="text-decoration: underline; font-family: 'times new roman', times, serif; font-size: 12pt;">Detection, Response & Visibility</span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Own strategy and hands-on engineering for Detection and Response platforms; identify, onboard, and normalize all log sources including cloud, containers, endpoints, and SaaS</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Build and maintain Security Orchestration, Automation, and Response (SOAR) tooling to reduce response time and analyst toil</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Lead incident response for complex threats including developing runbooks, driving post- incident improvements, and designing/running BCP/DR tabletop exercises.</span></li> </ul> <p><span style="text-decoration: underline; font-family: 'times new roman', times, serif; font-size: 12pt;">Application Security</span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Embed security into the SDLC: threat modeling, secure design reviews, SAST/DAST tooling, and automated security gates in CI/CD pipelines</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Own the vulnerability management program at host and application levels; track and drive remediation</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Champion "security as code" practices across engineering teams </span></li> </ul> <p><span style="text-decoration: underline; font-family: 'times new roman', times, serif; font-size: 12pt;">AI & Security</span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Build AI-powered security tooling: threat detection and anomaly identification at appropriate confidence thresholds, automated triage and remediation workflows, and AI-assisted post- mortem summarization</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Define and implement the security model for LLM-based systems and internal AI tooling</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Architect harness patterns to constrain LLM behavior and harden against prompt injection, indirect injection via RAG pipelines, and data exfiltration via model outputs</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Evaluate and govern AI tool adoption from a security and data-risk perspective</span></li> </ul> <p><span style="text-decoration: underline; font-family: 'times new roman', times, serif; font-size: 12pt;">Infrastructure & Platform Security</span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Own AWS security posture and enforce baselines across Linux/Windows, network devices, and enterprise SaaS (M365, Google Workspace, Azure)</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Engineer, configure, and operate EDR, DLP, and endpoint security programs</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Provide IAM architecture expertise across identity and access systems</span></li> </ul> <p><span style="text-decoration: underline; font-family: 'times new roman', times, serif; font-size: 12pt;">Leadership & Mentorship</span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Mentor and actively develop junior and mid-level security engineers through design reviews, pairing, and direct feedback. Growing team capability is a core expectation of this role</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Define and drive security engineering standards across the organization</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Collaborate closely with IT operations, platform, and software to translate threat intelligence into detection and hardening priorities</span></li> </ul> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Education</strong></span></p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Bachelor's degree in a related field or equivalent experience.</span></p> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Qualifications</strong></span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"> 8+ years in security engineering with demonstrated growth into technical leadership</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Hands-on SIEM experience (DataDog, ELK, or equivalent)</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Deep AWS security and IAM expertise</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"> Application security fundamentals: threat modeling, SAST/DAST, secure SDLC</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Experience building with AI/LLM APIs and practical knowledge of LLM security risks</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">EDR, DLP, and vulnerability management experience</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Experience with containerized workloads and Kubernetes security</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Proven track record of mentoring engineers and raising team capability</span></li> </ul> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Nice to Have</strong></span></p> <ul> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">CISSP, GIAC, or OSCP certification</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">MITRE ATT&CK knowledge applied to detection engineering</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">"Security as code" experience (OPA, Checkov, tfsec, or similar)</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Data science or anomaly detection skills applied to security telemetry</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"> Healthcare industry background (HIPAA, HITRUST)</span></li> <li><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Experience with the following tools/technologies: Kubernetes/EKS, Terraform/Terragrunt, Atlantis, Cloudflare, Buildkite, Wiz, Semgrep, EscapeTech, GitHub Advanced Security, Datadog, HashiCorp Vault, N8N, Snowflake, Linear</span></li> </ul> <p> </p> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>Perks & Benefits </strong></span></p> <p> </p> <ul style="list-style-type: initial;"> <li style="line-height: 1;"> <p style="line-height: 1;"><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan.)</span></p> <ul style="list-style-type: initial;"> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">$0 copays and $0 deductibles (with completion of our Baseline Visit )</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Preventive and primary care built in</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged)</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">One-on-one care navigation</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Chronic condition programs (diabetes, weight, hypertension)</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Maternity and family planning support</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">24/7/365 Curative Telehealth</span></p> </li> <li> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Pharmacy benefits </span></p> </li> </ul> </li> <li style="line-height: 1;"> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Comprehensive dental and vision coverage</span></p> </li> <li style="line-height: 1;"> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Employer-provided life and disability coverage with additional supplemental options</span></p> </li> <li style="line-height: 1;"> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Flexible spending accounts </span></p> </li> <li style="line-height: 1;"> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Generous PTO policy plus 11 paid annual company holidays</span></p> </li> <li style="line-height: 1;"> <p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">401K for full-time employees</span></p> </li> <li> <p style="line-height: 1;"><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Generous Up to 8–12 weeks paid parental leave, based on role eligibility.</span></p> </li> </ul>