Principal Security Engineer

Nursa is a healthcare platform that directly addresses the severe staffing challenges confronting the U.S. healthcare system by connecting qualified registered nurses (RNs), licensed practical nurses (LPNs), and certified nursing assistants (CNAs) seeking flexible work with facilities in need of help. Founded in 2019, we are a growing venture backed startup whose mission is to put a nurse at the bedside of every patient in need. With your help, we will be able to enrich the lives of nurses and be a valued partner in delivering effective, compassionate patient care in every market we serve.

Job Summary:

We are seeking an experienced and dynamic Principal Security Engineer to join our team. In this role, you will play a critical part in shaping and executing our security strategy, ensuring that our platform, infrastructure, and data are protected from evolving threats. You will work closely with cross-functional teams including engineering, product, and compliance to implement security best practices and maintain compliance with healthcare and technology regulations and standards.

This role is an individual contributor role that requires strong leadership capabilities. It has a likelihood to grow into a management role.

Key Responsibilities:

• Security Architecture & Design: Lead the design, implementation, and evaluation of security architecture to protect the platform, data, and systems across our cloud-based infrastructure. 

• Vulnerability Management: Facilitate regular vulnerability assessments, penetration testing, and security audits. Proactively address identified risks or weaknesses in the system.

• Incident Response: Lead the investigation and response to security incidents, providing analysis, root cause identification, and implementing corrective actions.

• Compliance & Risk Management: Ensure the company’s security posture aligns with industry regulations and standards (e.g. SOC) and support audits and certifications as necessary.

• Security Best Practices: Develop, document, and enforce security policies, guidelines, and procedures across engineering, product, and IT teams. Prepare and present regular reports to executive management highlighting key security metrics, risks, and remediation efforts.

• Collaboration & Mentorship: Work closely with engineers, DevOps, and IT teams to integrate security into the development lifecycle (DevSecOps). 

• Threat Intelligence: Stay ahead of emerging security threats and vulnerabilities, analyzing industry trends and incorporating proactive measures into the security framework.

• Cloud Security: Ensure the security of cloud-based services, primarily GCP, by configuring security controls, access management, and ensuring secure deployment practices.
  

Required Qualifications:

This role requires the ability to operate independently while working collaboratively. Self awareness and open communication will be crucial in prioritizing effectively. 

• Education: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).

• Experience: 5+ years of experience in information security, with at least 2 years in a senior or leadership role, preferably within healthcare, fintech, or regulated industries.

• Certifications: CISSP, CISM, or similar industry-standard security certifications preferred.

• Technical Skills:

  • Cloudflare Expertise: Proven experience in configuring and managing Cloudflare services for securing web applications, DDoS protection, WAF (Web Application Firewall), DNS management, and CDN performance optimization.

  • Robust experience in securing cloud environments (AWS, Azure, GCP).

  • Proficiency in network security, cryptography, and identity and access management (IAM).

  • Familiarity with common web application vulnerabilities (OWASP Top 10) and mitigation strategies.

  • Proficient in security tools and frameworks (e.g., intrusion detection, SIEM, firewalls, endpoint protection).

  • Familiarity with containerization technologies (Docker, Kubernetes) and securing containerized applications.

• Communication: Excellent written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical stakeholders.

What you get in return:

• Opportunity to revolutionize healthcare industry and build both relationships and teams that make a tangible impact 

• We empower team members to act intelligently and be owners, believing that execution is everything, and have designed a learning-focused environment where you get ongoing support and regular feedback to help you grow

• An opportunity to join an international team with a work culture that is based on trust, flexibility, and curiosity

• Competitive salary and benefits

Closing:

Nursa is an equal opportunity employer. We aim to build a workforce of individuals from different backgrounds, with different abilities, identities, and mindsets. Even if you do not meet all of the qualifications listed above, we encourage you to apply!