Senior SecOps Engineer

In Brief

• We're an early-stage startup that’s building a health AI platform to help clinicians make better use of real-time data to reduce preventable complications and save patient lives.

• We’re looking for a Senior Security Operations Engineer to lead security infrastructure and operations at Bayesian Health. This is our first dedicated security hire — an opportunity to advocate for and implement modern security practices, shape our security roadmap, and directly contribute to a platform that improves patient outcomes.

Who We Are

Bayesian Health’s mission is to improve patient outcomes by empowering clinicians with the insights they need to make the right decision for the right patient at the point-of-care. We’re a diverse team of clinicians, engineers, machine learning experts, product designers, and performance improvement leaders committed to enabling smarter, patient-specific care delivery through unlocking the power of data.

We’re funded by top tier tech and biotech investors: Obvious Ventures, Andreessen Horowitz, American Medical Association’s venture arm, Catalio Partners, and LifeForce Capital. Our company has won many awards; most recent recognitions include: Forbes AI Top 50, World Economic Forum Tech Pioneer, Time Best Inventions, BioTech AI Company of the Year.

Read more about our recent publication in Nature Medicine that associates our products with lives saved.

What You’ll Do

You’ll own our security operations from the ground up — implementing technical safeguards, writing automated checks, and ensuring that our systems are secure by default. You’ll be a key partner in preparing for HITRUST r2 certification and supporting ongoing FDA compliance. This is a hands-on role for someone who wants both ownership and impact — and who sees security as a lever to build trust and resilience in healthcare systems.

Responsibilities

• Security program leadership: Shape our security roadmap by interpreting regulatory and client requirements (HITRUST, HIPAA/HITECH, FDA) and translating them into pragmatic policies and practices.

• Infrastructure and endpoint protection: Design and implement technical safeguards across our AWS environments, Google Workspace, and workstations, including secure-by-default configurations and automated enforcement.

• Proactive monitoring and detection: Configure and operate runtime alerting using tools like Datadog and Nightfall to identify and respond to threats such as privilege escalation or data exfiltration.

• Access control and data governance: Build automated audits to validate IAM policies, VPN configurations, and PHI access controls; partner with engineering to reduce risk in new deployments and integrations.

• Vulnerability and risk management: Own the vulnerability lifecycle by coordinating pen tests, running automated scans, triaging and remediating findings, and performing security risk assessments.

• Secure development lifecycle support: Partner with engineers and data scientists to promote secure SDLC practices, including secrets management, CI/CD hardening, and automated security checks.

Minimum qualifications

• 5+ years of experience in security operations, infrastructure security, or cloud security roles.

• Deep familiarity with AWS security tooling and cloud networking.

• Hands-on experience with endpoint management tools and security automation.

• Experience implementing SIEM or XDR solutions (e.g., Datadog, Splunk, Sentinel).

• Experience conducting or supporting audits for HITRUST, SOC 2, or similar frameworks.

• Deep understanding of securing sensitive healthcare data (PHI/PII) in cloud environments.

• Excellent written and verbal communication skills.

• Excited to work in a fast-paced, remote-first startup.

Preferred qualifications

• Experience securing systems in healthcare, life sciences, or similarly regulated industries.

• Experience with FDA cybersecurity guidance or medical device security standards (e.g. premarket guidance, postmarket management).

• Knowledge of AAMI TIR-57, IEC 81001-5-1 or other Medical Product Security Standards.