[Remote] Lead Security Engineer

Note The job is a remote job and is open to candidates in USA. Hinge Health is a company focused on using technology to improve healthcare delivery, particularly for musculoskeletal conditions. They are seeking a Lead Security Engineer to build security guardrails and standards for their AI-assisted development platform, ensuring compliance and privacy while enabling fast and safe engineering practices.

Responsibilities

Audit current cloud security posture and IAM architecture across our AWS environment; build relationships with key stakeholders in Application Security, SRE, and R&D Engineering Assess existing AI-assisted development tooling (Claude Code, Cursor, MCP gateway) for security risks and begin developing a governance framework Design and implement AI-driven tools and workflows to enhance security monitoring, threat detection, incident response, and IAM governance Develop and enforce policies and protocols to protect AI tools and platforms from misuse, data breaches, and external threats — including secure agent sandboxing and MCP server governance Deliver IAM solutions enabling secure, granular access controls that enforce least privilege principles, utilizing automation and AI for privilege escalation and approvals Own the security strategy for AI-enabled development and cloud infrastructure, acting as the primary subject matter expert for security engineering across the organization Ensure all compliance regulations — including HIPAA, privacy, and relevant security frameworks — are met for new services, AI tooling, and infrastructure Develop and drive cybersecurity initiatives related to incident response, threat intelligence, vulnerability management, and monitoring tools Mentor team members in adopting new security tools and processes; educate the broader organization through knowledge-sharing sessions and author clear technical proposals with measurable security OKRs Skills Bachelor's degree in a technical, engineering, or scientific field — or comparable education/experience 7+ years in cybersecurity, with 3+ years focused on security operations or IAM 5+ years of experience in cloud security operations, specifically AWS 3+ years of coding experience (e.g., Python, Go, or TypeScript) with hands-on experience developing Terraform and infrastructure-as-code Hands-on experience securing AI/ML systems, including data pipelines, model deployments, API integrations, and their security challenges AWS Solutions Architect or Security Specialty certification AI/ML security certifications or familiarity with adversarial machine learning threats and mitigation strategies Experience building or integrating security controls into CI/CD pipelines and AI-assisted development workflows Experience managing an Enterprise IdP, especially Okta, with deep understanding of OAuth 2.0 and SAML SOC 2, PCI, or HIPAA audit/training certifications Knowledge of low-level networking principles Benefits Inclusive healthcare and benefits On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live. Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match. Modern life stipends Manage your own learning and development. Company Overview Hinge Health is a digital clinic for joint, and muscle care, pelvic pain, bowel, and bladder control. It was founded in 2014, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is http//hingehealth.com/. Company H1B Sponsorship Hinge Health has a track record of offering H1B sponsorships, with 2 in 2026, 32 in 2025, 18 in 2024, 9 in 2023, 17 in 2022, 13 in 2021, 7 in 2020. Please note that this does not guarantee sponsorship for this specific role. Apply To This Job