[Remote] Lead Security Engineer
Note: This is a remote job and is open to candidates in the USA.

Hinge Health is a company focused on using technology to improve healthcare delivery, particularly for musculoskeletal conditions. They are seeking a Lead Security Engineer to build security guardrails and standards for their AI-assisted development platform, ensuring compliance and privacy while enabling fast and safe engineering practices.

Responsibilities

- Audit current cloud security posture and IAM architecture across our AWS environment; build relationships with key stakeholders in Application Security, SRE, and R&D Engineering
- Assess existing AI-assisted development tooling (Claude Code, Cursor, MCP gateway) for security risks and begin developing a governance framework
- Design and implement AI-driven tools and workflows to enhance security monitoring, threat detection, incident response, and IAM governance
- Develop and enforce policies and protocols to protect AI tools and platforms from misuse, data breaches, and external threats - including secure agent sandboxing and MCP server governance
- Deliver IAM solutions enabling secure, granular access controls that enforce least privilege principles, utilizing automation and AI for privilege escalation and approvals
- Own the security strategy for AI-enabled development and cloud infrastructure, acting as the primary subject matter expert for security engineering across the organization
- Ensure all compliance regulations - including HIPAA, privacy, and relevant security frameworks - are met for new services, AI tooling, and infrastructure
- Develop and drive cybersecurity initiatives related to incident response, threat intelligence, vulnerability management, and monitoring tools
- Mentor team members in adopting new security tools and processes; educate the broader organization through knowledge-sharing sessions and author clear technical proposals with measurable security OKRs

Skills

- Bachelor's degree in a technical, engineering, or scientific field - or comparable education/experience
- 7+ years in cybersecurity, with 3+ years focused on security operations or IAM
- 5+ years of experience in cloud security operations, specifically AWS
- 3+ years of coding experience (e.g., Python, Go, or TypeScript) with hands-on experience developing Terraform and infrastructure-as-code
- Hands-on experience securing AI/ML systems, including data pipelines, model deployments, API integrations, and their security challenges
- AWS Solutions Architect or Security Specialty certification
- AI/ML security certifications or familiarity with adversarial machine learning threats and mitigation strategies
- Experience building or integrating security controls into CI/CD pipelines and AI-assisted development workflows
- Experience managing an Enterprise IdP, especially Okta, with deep understanding of OAuth 2.0 and SAML
- SOC 2, PCI, or HIPAA audit/training certifications
- Knowledge of low-level networking principles

Benefits

- Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.
- Start saving for the future with our traditional or Roth 401k retirement plan options, which include a 2% company match.
- Modern life stipends: Manage your own learning and development.

Company Overview

Hinge Health is a digital clinic for joint and muscle care, pelvic pain, and bowel and bladder control. It was founded in 2014 and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is http://hingehealth.com/.

Company H1B Sponsorship

Hinge Health has a track record of offering H1B sponsorships, with 2 in 2026, 32 in 2025, 18 in 2024, 9 in 2023, 17 in 2022, 13 in 2021, and 7 in 2020. Please note that this does not guarantee sponsorship for this specific role.