Lead Security Engineer

About the Role We’re looking for a detail oriented and technically proficient individual to join us in maturing the Application and Product Security group within the Security team. This function is growing, and you will have an opportunity to help shape the group's direction and grow with it. Security Engineers will evaluate requests for the use of new AWS services, make recommendations whether the service should be used in our environment and if approved assess the risks, and create standards and guidelines for use of those services. They will also improve and secure/harden CI/CD pipelines and other related DevOps and DevSecOps processes. What You'll Accomplish Evaluate requests for the use of new AWS services, make recommendations whether the service should be used in our environment and if approved assess the risks, create standards and guidelines for use of those services. Review proposed changes and additions to AWS infrastructure against the Security pillar of the AWS Well-Architected Framework, HIPAA, HITRUST, other regulatory requirements and other security best practices and frameworks as needed. Contribute to the improvement of existing standards and guidelines for the use of IaaS infrastructure and related SaaS platforms including those hosted within AWS. Review Terraform Infrastructure as Code (IaC) change requests to ensure the changes meet all security requirements and verify the change being made adheres to the reviewed design. Contribute to DevOps and DevSecOps, tooling, procedures and technical security controls Review current and proposed integrations between Hinge Health infrastructure and third party SaaS platforms and integrations partners/clients. Assist Security Risk team with risk assessments of these platforms and integrations and the IAM team with any required service accounts, API keys, etc Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards. Implement automated security scanning tools (SCA, SAST, DAST, etc.) into the CI/CD pipeline and assist with triage and risk assessment of results. Hinge Health Hybrid Model We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 3 days/week. Basic Qualifications 8+ years of experience as a Security Engineer 2+ years experience supporting and advising Engineering teams with security controls on any of the following: infrastructure (AWS), SaaS tools, and Application Security 2+ years experience advising engineering teams on remediation of source code and infrastructure security vulnerabilities Preferred Qualifications Bachelor's degree in Computer Science or equivalent technical degree Securing Cloud Infrastructure: Demonstrated experience using control frameworks (HITRUST CSF, NIST), vendor best practices (e.g., AWS Well-Architected Framework), and security industry standards to establish policies, procedures, and standards for securing cloud-hosted services. This includes applying the principle of least privilege in designing AWS IAM permissions and securing Amazon EKS, Aurora, and S3. Automating Security Testing: Proven ability to configure and automate security scans within the CI/CD process, interpret results, and collaborate with engineers to prioritize and remediate security risks. Incident Handling: Expertise in acting as a subject matter expert on security controls, internal communications, and infrastructure during security incidents related to cloud-based applications. Risk Assessment and Mitigation: Strong ability to assess vulnerabilities, evaluate risk, and prioritize remediation work based on the impact and severity of the security issues. About Hinge Health Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone. Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, City of Boston, US Foods, and Verizon. Learn more at http://www.hingehealth.com What You'll Love About Us Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn’t available where you live. Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match. Modern life stipends: Manage your own learning and development Diversity and Inclusion We’re committed to building diverse teams that reflect the communities we serve. Visit hingehealth.com/diversity-equity-and-inclusion to learn more about what moves us. Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. Workday ID JR998


Basic Qualifications 8+ years of experience as a Security Engineer 2+ years experience supporting and advising Engineering teams with security controls on any of the following: infrastructure (AWS), SaaS tools, and Application Security 2+ years experience advising engineering teams on remediation of source code and infrastructure security vulnerabilities Preferred Qualifications Bachelor's degree in Computer Science or equivalent technical degree Securing Cloud Infrastructure: Demonstrated experience using control frameworks (HITRUST CSF, NIST), vendor best practices (e.g., AWS Well-Architected Framework), and security industry standards to establish policies, procedures, and standards for securing cloud-hosted services. This includes applying the principle of least privilege in designing AWS IAM permissions and securing Amazon EKS, Aurora, and S3. Automating Security Testing: Proven ability to configure and automate security scans within the CI/CD process, interpret results, and collaborate with engineers to prioritize and remediate security risks. Incident Handling: Expertise in acting as a subject matter expert on security controls, internal communications, and infrastructure during security incidents related to cloud-based applications. Risk Assessment and Mitigation: Strong ability to assess vulnerabilities, evaluate risk, and prioritize remediation work based on the impact and severity of the security issues.


About Hinge Health Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone. Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, City of Boston, US Foods, and Verizon. Learn more at http://www.hingehealth.com What You'll Love About Us Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn’t available where you live. Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match. Modern life stipends: Manage your own learning and development Diversity and Inclusion We’re committed to building diverse teams that reflect the communities we serve. Visit hingehealth.com/diversity-equity-and-inclusion to learn more about what moves us. Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law.