Doctronic
Information Security Engineer
5mo ago
180000 –240000 USD / yearUSARemotehipaasoc 2penetration testingvulnerability assessmentsecurity policiessecurity automationsecurity monitoring
Responsible for maintaining and strengthening the security posture and compliance of a healthcare AI platform.
Responsibilities
- We're looking for an Information Security Engineer to own our security posture. We're HIPAA-compliant and SOC 2 Type II certified—you'll maintain and strengthen that foundation as we scale to serve millions of patients and enterprise partners.
- This role is critical to our mission. When you're protecting healthcare data, security isn't just best practice—it's a sacred responsibility. You'll combine hands-on technical work with strategic security leadership, ensuring Doctronic remains the most trusted AI diagnostic platform in healthcare.
- Maintain SOC 2 Type II compliance and manage ongoing audits with external assessors
- Implement and monitor HIPAA technical safeguards across our infrastructure and applications
- Conduct and coordinate regular penetration testing, vulnerability assessments, and security reviews
- Complete vendor security reviews and respond to enterprise security questionnaires from health systems and payers
- Implement and enforce security policies across engineering, operations, and business teams
- Respond to security incidents with urgency and thoroughness, conducting post-incident analysis
- Build security automation and monitoring to scale protection as the company grows
- Collaborate with engineering teams to embed security best practices into the development lifecycle
- Stay current on emerging threats, vulnerabilities, and regulatory requirements in healthcare technology
Requirements
- 7+ years of information security experience in production environments
- Healthcare or fintech background required—you understand regulated industry security requirements
- Hands-on technical ability, not just policy and paperwork—you can read code, configure systems, and investigate incidents
- Deep experience with SOC 2, HIPAA, or equivalent compliance frameworks
- Familiarity with AWS security controls, IAM, encryption, and cloud security best practices
- Strong communicator who can translate security requirements for technical and non-technical audiences
- Proactive problem-solver who anticipates risks before they materialize
- Collaborative partner who enables teams to move fast while staying secure
Nice to have
- CISSP, CISM, CISA, or equivalent security certification
- Experience with health information exchanges, TEFCA, QHIN, or interoperability standards
- Startup security experience—building security programs from scratch vs. maintaining established ones
- Familiarity with AI/ML security considerations and model protection
- Experience with mobile app security (iOS/Android)
- Knowledge of medical device security standards or FDA digital health guidance
- Background in application security, secure SDLC, or DevSecOps
Conditions
- Base Salary: $180K-$240K + Equity
- New York City | On-site Join our NYC team and work directly with engineering and product teams to build security into everything we do.
- Equity Opportunities Share in Doctronic's growth as we transform healthcare with AI.
- Comprehensive Health Benefits We offer comprehensive health, dental, and vision coverage—plus mental health support and flexible time off—because caring for others starts with caring for ourselves.
- Building AI That Matters Join Doctronic and work with cutting-edge AI that's transforming healthcare and helping people make faster, smarter decisions.
Other
- Doctronic is the first AI legally authorized to practice medicine. We're processing millions of consultations monthly with 99%+ treatment plan accuracy validated by board-certified clinicians.
- Director of Engineering