Senior SecOps Engineer

In Brief We're an early-stage startup that’s building a health AI platform to help clinicians make better use of real-time data to reduce preventable complications and save patient lives. We’re looking for a Senior Security Operations Engineer to lead security infrastructure and operations at Bayesian Health . This is our first dedicated security hire — an opportunity to advocate for and implement modern security practices, shape our security roadmap, and directly contribute to a platform that improves patient outcomes. Who We Are Bayesian Health ’s mission is to improve patient outcomes by empowering clinicians with the insights they need to make the right decision for the right patient at the point-of-care. We’re a diverse team of clinicians, engineers, machine learning experts, product designers, and performance improvement leaders committed to enabling smarter, patient-specific care delivery through unlocking the power of data. We’re funded by top tier tech and biotech investors: Obvious Ventures, Andreessen Horowitz, American Medical Association’s venture arm, Catalio Partners, and LifeForce Capital. Our company has won many awards; most recent recognitions include: Forbes AI Top 50, World Economic Forum Tech Pioneer, Time Best Inventions, BioTech AI Company of the Year. Read more about our recent publication in Nature Medicine that associates our products with lives saved. What You’ll Do You’ll own our security operations from the ground up — implementing technical safeguards, writing automated checks, and ensuring that our systems are secure by default. You’ll be a key partner in preparing for HITRUST r2 certification and supporting ongoing FDA compliance. This is a hands-on role for someone who wants both ownership and impact — and who sees security as a lever to build trust and resilience in healthcare systems. Responsibilities Design and implement infrastructure protections across our cloud and endpoint environments, including AWS security tooling, Google Workspace, and laptop MDM. Lead our HITRUST r2 certification project and ensure ongoing compliance with FDA medical device cybersecurity requirements. Build and maintain automated audits to validate IAM policies, VPN configurations, infrastructure settings, and PHI data access. Collaborate with engineers to protect both production and critical internal systems using tools such as rate limiting, autoscaling, and anomaly detection. Work with technical management to encourage secure SDLC practices (e.g., secrets management and CI/CD hardening). Configure and operate runtime alerting for suspicious behavior using tools like Datadog and Nightfall, and respond to potential threats. Own the vulnerability management lifecycle — coordinating penetration tests, configuring automated scans, triaging findings, coordinating reviews, and driving timely remediation. Maintain and evolve internal security policies and lead IT/security onboarding, training, offboarding, and endpoint protection. Communicate with health system clients and internal teams about our security practices, and review the security implications of new integrations and deployments. Develop threat models and perform and maintain security risk assessments to identify weaknesses in company systems. Coordinate with development teams and Regulatory/Quality teams to implement security controls that reduce risk, improve security and maintain agility and usability. Minimum qualifications 5+ years of experience in security operations, infrastructure security, or cloud security roles. Deep familiarity with AWS security tooling and cloud networking. Hands-on experience with endpoint management tools and security automation. Experience conducting or supporting audits for HITRUST, SOC 2, or similar frameworks. Deep understanding of securing sensitive healthcare data (PHI/PII) in cloud environments. Excellent written and verbal communication skills. Excited to work in a fast-paced, remote-first startup. Preferred qualifications Experience securing systems in healthcare, life sciences, or similarly regulated industries. Familiarity with HIPAA, HITECH, and HITRUST frameworks. Experience with FDA cybersecurity guidance or medical device security standards (e.g. premarket guidance, postmarket management). Knowledge of AAMI TIR-57, IEC 81001-5-1 or other Medical Product Security Standards. Experience implementing SIEM or XDR solutions (e.g., Datadog, Splunk, Sentinel). Track record of setting up scalable, automated security operations in a highly sensitive security environment. Originally posted on Himalayas