About the Role

The Senior Corporate Security Engineer role is responsible for designing, building and operating the technical security systems and controls that protect Charlie Health’s corporate environment, workforce systems, endpoints, SaaS platforms, cloud-connected services and internal operations.

This is a senior hands-on security engineering role requiring expertise in enterprise security, identity and access management, endpoint security, SaaS security, data protection, security automation, cloud security and detection engineering. The Corporate Security Engineer will partner closely with IT Engineering, Information Security, Compliance, Engineering and business teams to reduce risk, improve control maturity and support Charlie Health’s continued growth.

Our IT and Information Security organizations treat security as an engineering discipline. We value ownership, measurable outcomes, automation, reliability, secure-by-design implementation and continuous improvement. The Corporate Security Engineer will build scalable security capabilities that protect sensitive company, employee, clinician and patient data while enabling the business to move quickly and safely.

Charlie Health is also building an AI-native operating model. This role will help secure the enterprise use of AI tools, LLM platforms, AI-enabled workflows and emerging AI security products. The ideal candidate is excited to work with tools and platforms such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and other AI security technologies, while helping define practical controls for safe and responsible AI adoption.

Charlie Health operates in a highly regulated healthcare environment. This role will support security controls aligned to HIPAA, SOC 2, NIST, Zero Trust principles and other applicable regulatory and contractual requirements.

This role can either be in-office or remote.

Responsibilities

Security Engineering & Control Design

• Design, build and operate technical security controls across Charlie Health’s corporate technology environment
• Engineer scalable security solutions for identity, endpoints, SaaS platforms, cloud-connected services, collaboration tools and internal systems
• Translate security requirements into reliable technical controls, automations, detections and operational workflows
• Partner with IT Engineering to embed secure-by-design practices into enterprise systems, integrations and infrastructure
• Establish control patterns that improve security posture, operational efficiency, auditability and resilience

Identity, Access Control & Zero Trust

• Design and improve identity and access controls across workforce systems, SaaS applications and privileged access workflows
• Implement and mature controls for MFA, conditional access, device trust, role-based access, least privilege, service accounts and lifecycle automation
• Partner with IT and business teams to improve joiner, mover, leaver, access review and elevated access processes
• Help advance Charlie Health’s Zero Trust strategy through identity-centric control design, continuous verification and measurable trust signals

Endpoint, SaaS & Cloud Security

• Engineer and improve security controls across Mac, Windows, mobile and BYOD environments
• Partner with endpoint engineering teams to improve secure configuration baselines, MDM policy, EDR coverage, device compliance and vulnerability remediation
• Assess and improve the security posture of corporate SaaS platforms, integrations, APIs and service accounts
• Configure and operationalize security tooling across platforms such as SentinelOne, Wiz, Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian and related systems
• Support cloud security visibility and control implementation across AWS and related services, including use of CloudTrail and other telemetry sources

Detection, Response & Security Operations

• Build and improve detections, alerts, dashboards, runbooks and response workflows across corporate security tooling
• Partner with Expel MDR and internal teams to improve telemetry quality, alert fidelity, investigation workflows and response outcomes
• Support investigation and response for identity, endpoint, SaaS, email, cloud, data exposure and corporate security events
• Tune security tools to reduce noise, improve signal quality and increase confidence in control effectiveness
• Develop repeatable playbooks and operating procedures that improve incident readiness and operational consistency

AI Security & Secure AI Adoption

• Help secure Charlie Health’s use of AI tools, LLM platforms, AI agents and AI-enabled workflows
• Evaluate and operationalize controls for AI data protection, prompt-layer security, access governance, logging and usage monitoring
• Partner with IT, Security, Compliance and business teams to define practical security patterns for tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and related platforms
• Assess risks related to sensitive data exposure, PHI leakage, model access, third-party integrations and AI-enabled automation
• Stay current on emerging AI security risks, controls and products, and translate relevant developments into practical improvements

Data Protection & DLP

• Design and operate controls that protect PHI, employee data, clinician data and sensitive company information
• Support DLP strategy across SaaS platforms, endpoints, browsers, collaboration tools, email, cloud services and AI systems
• Improve visibility into sensitive data movement, sharing patterns and policy violations
• Partner with Compliance, Legal, IT and business teams to support data protection requirements and reduce operational risk
• Build automations and reporting that improve DLP response, control monitoring and evidence collection

Security Automation & Engineering Practices

• Build automations that improve security operations, access management, control monitoring, remediation and audit evidence collection
• Use APIs, scripting, webhooks, workflow platforms and infrastructure-as-code practices to reduce manual work and improve control consistency
• Develop maintainable security workflows using tools and languages such as Python, Bash, PowerShell, Workato, Terraform, REST APIs and JSON
• Apply modern engineering practices including version control, code review, documentation, testing and repeatable deployment patterns
• Identify opportunities to simplify security processes while improving reliability and measurable outcomes

Governance, Risk & Compliance Enablement

• Implement and maintain controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks
• Support audit evidence collection, control testing, remediation planning and continuous control monitoring
• Identify security risks, document findings and partner with stakeholders to drive timely remediation
• Translate compliance and risk requirements into practical engineering solutions that support business operations
• Help define metrics that measure control health, security posture, operational maturity and risk reduction

Required Qualifications

• 5+ years of experience in security engineering, corporate security, infrastructure security, enterprise security, IT security, cloud security or a related technical discipline
• Deep hands-on experience designing, building and operating technical security controls in enterprise environments
• Experience securing identity, endpoints, SaaS platforms, collaboration tools, cloud-connected services and internal systems
• Strong experience with identity and access management concepts, including MFA, conditional access, privileged access, lifecycle automation, service accounts and least privilege
• Experience working with security tools such as MDR platforms, EDR, SIEM, cloud security tools, endpoint management tools, vulnerability management tools or DLP systems
• Experience with security platforms and telemetry sources such as Expel MDR, SentinelOne, Wiz, CloudTrail, Sumo Logic or similar tools
• Experience with endpoint security, MDM, secure configuration management and vulnerability remediation across Mac, Windows or mobile environments
• Experience using scripting, APIs or automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
• Familiarity with detection engineering, alert tuning, incident response workflows and security operations processes
• Strong understanding of Zero Trust principles, identity-centric security, least privilege, device trust and secure system design
• Ability to work cross-functionally with IT, Security, Engineering, Compliance and business stakeholders
• Strong documentation, ownership, judgment and ability to operate independently in ambiguous environments

Preferred Qualifications

• Experience operating at a Staff Engineer or senior technical leadership level
• Experience in healthcare, financial services or other regulated environments
• Experience supporting HIPAA, SOC 2, NIST, ISO 27001 or similar security and compliance frameworks
• Experience securing enterprise AI tools, LLM platforms, AI agents or AI-enabled workflows
• Exposure to AI platforms and security tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar or similar technologies
• Experience with DLP, CASB, SSPM, browser security, SaaS posture management or data discovery tools
• Experience securing Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian, AWS or similar enterprise platforms
• Experience building automations using REST APIs, webhooks, JSON, service accounts and API authentication patterns
• Experience partnering with managed security providers, MDR teams, external auditors or compliance teams
• Familiarity with AI security risks including sensitive data exposure, prompt injection, model access control, third-party plugin risk and AI system logging

Benefits

Charlie Health is pleased to offer comprehensive benefits to all full-time employees. Read more about our benefits here.

Additional Information

The total target base compensation for this role will be between $180,000 and $240,000 per year at the commencement of employment. Please note, pay will be determined on an individualized basis and will be impacted by location, experience, leveling, expertise, internal pay equity, and other relevant business considerations. Further, cash compensation is only part of the total compensation package, which, depending on the position, may include stock options and other Charlie Health-sponsored benefits.

 #LI-HYBRID