Staff, Security Engineer (App & Product Sec)

Location: Remote

Type: Full Time

Job Description

Staff Security Engineer (App & Product Sec)

2 Locations
Remote or Hybrid
235K-300K Annually
Senior level
Artificial Intelligence • Healthtech • Logistics • Social Impact • Software • Telehealth
Sprinter Health leverages last mile delivery technology and AI to close healthcare accessibility gaps across the US.
The Role
As a Staff Security Engineer, you will build and lead the security program, ensure compliance with HIPAA, SOC 2, and HITRUST, manage vulnerabilities, and integrate security into the development process across teams.
Summary Generated by Built In
About Sprinter Health

At Sprinter Health, our mission is reimagining how people access care by bringing it directly to their homes. Nearly 30% of patients in the U.S. skip preventive or chronic care simply because they can’t get to a doctor’s office. For many, the ER becomes their first touchpoint with the healthcare system, driving over $300B in avoidable costs every year.

By using the same technologies that power leading marketplace and last-mile platforms, we deliver care where people are, especially those who need it most. So far, we’ve supported more than 2 million patients across 22 states, completed 130,000+ in-home visits, and maintained a 92 NPS. Our team of clinicians, technologists, and operators has raised over $125M from investors like a16z, General Catalyst, GV, and Accel, and enjoys multi-year runway.

About the Role

We’re looking for a Staff Security Engineer to be Sprinter’s first dedicated security hire and help build the foundation for how security scales across the company.

This is a high-ownership role for someone who can operate strategically and hands-on. You’ll define our security roadmap, strengthen our cloud and application security posture, support HIPAA, SOC 2, and HITRUST readiness, and partner closely with engineering, product, IT, legal, operations, and leadership to make security a core part of how we build and operate.

As our first security function hire, you will not just execute against an existing program. You’ll help decide what the program should be. That includes designing controls, implementing tools, driving vulnerability management, supporting partner security reviews, improving IAM, embedding security into the SDLC, and helping Sprinter make smart risk decisions as we scale.

This role is ideal for someone who wants to build a security function from the ground up in a high-growth, mission-driven healthcare company.

Office Location

We are a hybrid company based in the Bay Area, with offices in both San Francisco and Menlo Park. For this role, we are also open to considering remote candidates. We will give priority to candidates who are based in or open to working from the San Francisco Bay Area.

What you will do
  • Build and lead Sprinter’s security program as the company’s first dedicated security hire

  • Define and execute a practical security roadmap across cloud infrastructure, application security, compliance, identity, vendor risk, and incident readiness

  • Design, implement, and maintain security controls that support HIPAA, SOC 2, and HITRUST requirements

  • Partner with legal, product, IT, engineering, and operations teams to ensure ongoing audit readiness and compliance maturity

  • Improve security across AWS and GCP environments, including IAM, networking, encryption, secrets management, and cloud-native application security

  • Evaluate and implement security tooling for vulnerability management, cloud security posture management, security monitoring, DAST, and related needs

  • Lead vulnerability management efforts across applications, infrastructure, cloud environments, and third-party systems

  • Coordinate penetration testing efforts, work with external security partners, and drive remediation with engineering teams

  • Embed security into the software development lifecycle through secure design reviews, CI/CD checks, developer guidance, and pragmatic security standards

  • Own or support partner, customer, and vendor security reviews, including questionnaires, risk assessments, and remediation planning

  • Strengthen identity and access management across internal systems, applications, and cloud environments

  • Develop clear security policies, procedures, documentation, and reporting for internal teams and senior leadership

  • Advise on AI security best practices as Sprinter adopts and builds AI-enabled systems, including data handling, model risk, application security, and privacy controls

  • Build strong working relationships across teams so security is viewed as a partner to the business, not a blocker

What you have done
  • Spent 8+ years in security engineering, cloud security, application security, infrastructure security, DevSecOps, or related roles

  • Built or meaningfully scaled a security function, security program, or major security domain in a high-growth environment

  • Operated as a senior technical owner for security across engineering, infrastructure, product, IT, and compliance stakeholders

  • Worked hands-on with cloud security in AWS, GCP, or similar cloud environments

  • Implemented security controls that support compliance frameworks such as HIPAA, SOC 2, HITRUST, ISO 27001, or similar

  • Led vulnerability management, penetration testing coordination, remediation workflows, and security assessments

  • Partnered with engineering teams to embed security into architecture, development, CI/CD, and production operations

  • Worked with identity and access management systems such as Okta, Auth0, SSO, MFA, RBAC, or related tooling

  • Evaluated, selected, or implemented security tools such as SIEM, DAST, vulnerability scanners, CSPM, endpoint security, or monitoring platforms

  • Used scripting or infrastructure-as-code tools such as Python, Bash, Terraform, or similar to automate security workflows

  • Communicated security risks, tradeoffs, and priorities clearly to technical and non-technical stakeholders

  • Made practical risk decisions in environments where speed, ambiguity, compliance, and security all matter

What gives you an edge
  • You’ve been the first security hire or an early security leader at a startup

  • You’ve built security programs in healthcare, fintech, insurance, logistics, marketplace, or other regulated or operationally complex environments

  • You have deep experience with HIPAA, SOC 2, HITRUST, or healthcare security and privacy requirements

  • You’ve supported customer, partner, or enterprise security reviews in a B2B or healthcare environment

  • You’ve helped prepare for or lead security audits and compliance assessments

  • You have experience with AI security, including secure AI application development, model risk, data privacy, adversarial risk, or AI governance

  • You’ve worked closely with product and engineering teams to make security usable, scalable, and developer-friendly

  • You have experience with container security, Kubernetes, network security, endpoint security, or encryption standards

  • You hold certifications such as CISSP, CISM, AWS Certified Security Specialty, CEH, or similar

The Interview Process

We aim to complete the interview process within 2–3 weeks. It will usually consist of:

  • Recruiter Screen: Background, fit, motivation, and compensation alignment

  • Hiring Manager Interview: Security leadership, technical depth, and first-of-function experience

  • Technical Interview: Cloud security, application security, compliance, vulnerability management, and security architecture

  • Cross-Functional Interview: Collaboration style and ability to partner with engineering, product, IT, legal, and operations

  • References: Validation of performance, judgment, and working style

What we offer
  • Meaningful pre-IPO equity

  • Medical, dental, and vision plans 100% paid for you and your dependents

  • Flexible PTO + 10 paid holidays per year

  • 401(k) with match

  • 16-week parental leave policy for birthing parent, 8 weeks for all other parents

  • HSA + FSA contributions

  • Life insurance plus short and long-term disability coverage

  • Free daily lunch in-office

  • Annual learning stipend

  • Relocation assistance

Our Technology Stack
  • AWS

  • GCP

  • Terraform and infrastructure-as-code tooling

  • TypeScript

  • Python

  • Bash

  • CI/CD systems

  • Okta

  • Auth0

  • SIEM, DAST, vulnerability management, and cloud security tooling

  • Identity, access, and secrets management systems

  • Cloud networking and infrastructure tooling

  • Container and deployment systems

  • Serverless AWS, including AppSync, DynamoDB, Lambda, Amplify, CloudFormation, and Node

  • GraphQL

  • React Native and React Native for Web

Equal Opportunity Statement

Sprinter Health is an equal opportunity employer. We value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected classes.

Beware of recruitment fraud and scams that involve fictitious job descriptions followed by false job offers.

If you are applying for a job, you can confirm the legitimacy of a job posting by viewing current open roles on our official Sprinter Health Careers website. All legitimate job postings will require an application to be made directly on our official Sprinter Health Careers website. Job-related communications will only be sent from email addresses ending in @sprinterhealth.com. Please ensure that you’re only replying to emails that end with @sprinterhealth.com.

The Company
Menlo Park, CA
500 Employees
Year Founded: 2021

What We Do

At Sprinter Health, we're focused on dramatically expanding access to healthcare by reimagining the patient experience—delivered at home and powered by technology for scale. We’re a boots-on-the-ground clinician network for the tele-health age, bringing routine blood draws, labs, and vitals checks into people's busy lives. We have completed over 140,000 appointments in 2025 across the US!

Why Work With Us

Sprinter Health is reinventing access to care, founded by the co-founder of Oculus in 2020. With tech, AI, and an incredible clinical team, we bring preventive care into patients’ homes—reaching the vulnerable communities the healthcare system often misses. Join us in a supportive, flexible, family-friendly culture.

Sprinter Health Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week
Menlo Park, CA
San Francisco Bay Area

Date Posted

05/06/2026

© 2026 Job Transparency. All rights reserved.