Doctronic

Information Security Engineer

5mo ago
180000 –240000 USD / yearUSARemote
Doctronic

Information Security Engineer

5mo ago
180000 –240000 USD / yearUSARemotehipaasoc 2penetration testingvulnerability assessmentsecurity policiessecurity automationsecurity monitoring

Responsible for maintaining and strengthening the security posture and compliance of a healthcare AI platform.

Responsibilities

  • We're looking for an Information Security Engineer to own our security posture. We're HIPAA-compliant and SOC 2 Type II certified—you'll maintain and strengthen that foundation as we scale to serve millions of patients and enterprise partners.
  • This role is critical to our mission. When you're protecting healthcare data, security isn't just best practice—it's a sacred responsibility. You'll combine hands-on technical work with strategic security leadership, ensuring Doctronic remains the most trusted AI diagnostic platform in healthcare.
  • Maintain SOC 2 Type II compliance and manage ongoing audits with external assessors
  • Implement and monitor HIPAA technical safeguards across our infrastructure and applications
  • Conduct and coordinate regular penetration testing, vulnerability assessments, and security reviews
  • Complete vendor security reviews and respond to enterprise security questionnaires from health systems and payers
  • Implement and enforce security policies across engineering, operations, and business teams
  • Respond to security incidents with urgency and thoroughness, conducting post-incident analysis
  • Build security automation and monitoring to scale protection as the company grows
  • Collaborate with engineering teams to embed security best practices into the development lifecycle
  • Stay current on emerging threats, vulnerabilities, and regulatory requirements in healthcare technology

Requirements

  • 7+ years of information security experience in production environments
  • Healthcare or fintech background required—you understand regulated industry security requirements
  • Hands-on technical ability, not just policy and paperwork—you can read code, configure systems, and investigate incidents
  • Deep experience with SOC 2, HIPAA, or equivalent compliance frameworks
  • Familiarity with AWS security controls, IAM, encryption, and cloud security best practices
  • Strong communicator who can translate security requirements for technical and non-technical audiences
  • Proactive problem-solver who anticipates risks before they materialize
  • Collaborative partner who enables teams to move fast while staying secure

Nice to have

  • CISSP, CISM, CISA, or equivalent security certification
  • Experience with health information exchanges, TEFCA, QHIN, or interoperability standards
  • Startup security experience—building security programs from scratch vs. maintaining established ones
  • Familiarity with AI/ML security considerations and model protection
  • Experience with mobile app security (iOS/Android)
  • Knowledge of medical device security standards or FDA digital health guidance
  • Background in application security, secure SDLC, or DevSecOps

Conditions

  • Base Salary: $180K-$240K + Equity
  • New York City | On-site Join our NYC team and work directly with engineering and product teams to build security into everything we do.
  • Equity Opportunities Share in Doctronic's growth as we transform healthcare with AI.
  • Comprehensive Health Benefits We offer comprehensive health, dental, and vision coverage—plus mental health support and flexible time off—because caring for others starts with caring for ourselves.
  • Building AI That Matters Join Doctronic and work with cutting-edge AI that's transforming healthcare and helping people make faster, smarter decisions.

Other

  • Doctronic is the first AI legally authorized to practice medicine. We're processing millions of consultations monthly with 99%+ treatment plan accuracy validated by board-certified clinicians.
  • Director of Engineering