[Remote] Staff Security Engineer
Note: The job is a remote job and is open to candidates in USA.

Rightway is hiring a Staff Security Engineer to enhance the security maturity of their systems and AWS estate, supporting a better healthcare experience. This senior individual contributor role involves providing architectural judgment, hands-on execution, and leadership for the Application Security and Cloud Security functions, while collaborating with various teams to implement effective security controls.

Responsibilities

- Direct the daily execution of the Application Security and Cloud Security functions, balancing near-term delivery, technical quality, and team development
- Establish technical priorities, decision frameworks, and operating expectations for two security disciplines so work is sequenced effectively and aligned to business risk
- Architect and deploy defensive controls for LLM- and AI-enabled capabilities, including protections around prompt handling, retrieval paths, model-connected integrations, sensitive data exposure, and abusive use patterns
- Assess software, services, dependencies, infrastructure, and deployment patterns to identify material weaknesses and drive practical corrective actions with engineering partners
- Raise the resilience of Rightway's AWS footprint across identity boundaries, network segmentation, key management, service configuration, organizational structure, and detective guardrails
- Expand automation for cloud and platform assurance, including infrastructure policy enforcement, configuration review, deployment gating, and runtime visibility in Terraform and CI/CD workflows
- Set the approach for risk-based prioritization by combining severity, exploit likelihood, business criticality, and environmental context so the most meaningful issues are addressed first
- Define durable secure engineering expectations that teams can adopt during design, build, test, and release activities without adding unnecessary friction
- Work with Product and Engineering leaders to shape secure implementation patterns for new platform capabilities, customer-facing features, and AI-driven functionality before those designs are broadly adopted
- Run deep technical reviews for major initiatives, including new services, cloud patterns, external integrations, and emerging architectures that introduce novel attack surface
- Guide authentication, authorization, and trust-boundary decisions for business-critical workflows, including SAML 2.0, OAuth, and OIDC use cases spanning B2B and B2C contexts
- Unify application and cloud control strategy in areas such as secrets usage, identity design, telemetry, service-to-service trust, and deployment architecture so security decisions remain coherent across the stack
- Coordinate with Corporate Security where shared capabilities such as logging, alerting, access governance, or incident visibility require common design and operational support
- Improve the signal quality of detection, validation, and testing approaches so teams can investigate faster and act on higher-confidence findings
- Evaluate, pilot, and operationalize advanced security capabilities, including AI-enabled techniques that improve engineering review, analysis, and remediation outcomes

Skills

- 8 to 12 years of experience in security engineering, including substantial hands-on depth across both application or product security and cloud security
- A track record of leading difficult technical work across multiple security domains and helping other engineers improve through direction, coaching, and example
- Stay current on emerging AI security guidance, including the OWASP Top 10 for LLM Applications and the OWASP GenAI Security Project, and have applied that knowledge in real system design
- Strong AWS security expertise across IAM, networking, encryption, secrets protection, logging, and multi-account design, and know how to secure infrastructure-as-code and modern delivery pipelines
- Operate as a senior technical partner to engineering and infrastructure teams on topics such as identity, service hardening, telemetry, and secure configuration
- Read and reason about application code and system architecture, and have enough fluency in one or more backend environments such as Ruby, Node.js, or Java to work credibly with developers
- Communicate clearly with both technical and non-technical stakeholders and can explain tradeoffs, priorities, and risk to senior leadership
- Experience in regulated environments such as healthcare, finance, or education

Benefits

- Bonus
- Equity

Company Overview

Rightway is a health technology company that is simplifying the healthcare experience for clients and members. It was founded in 2017, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is http://rightwayhealthcare.com.

Company H1B Sponsorship

Rightway has a track record of offering H1B sponsorships, with 2 in 2025, 3 in 2024, 1 in 2022, 2 in 2021. Please note that this does not guarantee sponsorship for this specific role.