|
|
Metriport (https://www.metriport.com/) is an open-source data intelligence platform that helps healthcare organizations access and exchange patient data in real-time. We integrate with all major US healthcare IT systems and tap into comprehensive medical data for 300+ million individuals.
We've found product-market fit with multi-million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, massive recent infusion of capital, and years of runway. We're ready to scale. We're a tight-knit, high-performing team of mostly former founders (including two YC alumni). We're engineering-heavy, operate with minimal bureaucracy and high autonomy, and hire based on competence, not prestige. We push hard—founders work six days a week from our SF office—but give everyone freedom to craft their schedule. We measure output and we're committed to sustainable intensity.
About us
The following points are an assortment of the most relevant bits that will give you the gist of where we’re at, why we’ll win, and our company culture:
We’re a tight-knit, high performing, and passionate team - we work with a consistent intensity and have become a leader in our industry with a fraction of the resources of our competitors.
Consistency means we push as hard as humanly possible, while keeping our health and personal lives in check.
Meaningful work is what gets us out of bed, and we just wouldn’t be satisfied by building yet another CRM company.
By pedigree, we’re a group of underdogs - we don’t hire based on prestige, but on demonstrated competence and perceived potential.
We’re engineering heavy, and most of our engineers are former founders (including 2 ex-YC founders).
We operate as a relatively flat structure with little red tape, forced structure, or bureaucracy. We just opt to get shit done and foster a collaborative environment with high autonomy - our GitHub commit history and product velocity is a testament to this.
The founders set the pace by working 6 days a week in our SF office, but everyone is given full freedom to craft a schedule that’s best for both the team and themselves - team output is measured.
About you
In a nutshell, we're looking for a security engineer with the following specific qualities:
You’re entrepreneurial-minded, with an olympian-level work ethic (nearly our entire engineering team consists of former founders).
You are passionate about security and are excited to own security related projects within the company end-to-end.
You are confident in your ability to build scalable systems across the full stack, and people usually come to you for technical guidance.
You believe you can solve any problem that comes at you, and don't shy away from diving deep into areas where you may lack domain expertise.
You have a strong sense of ownership over your work, and have demonstrated ability to lead others.
You know how to move fast - while still maintaining a strong security posture.
You care more about the end result and delivering value, rather than what new and frilly tech is being used under the hood for a given feature.
When someone scopes out a project with an ETA of 3 weeks, you ask yourself "why can't it be done in 3 days?".
You’re a hacker at heart, and have a good sense of what rules should, and shouldn’t, be broken.
What you'll be doing
After quickly ramping up using our comprehensive onboarding materials to get familiar with our domain, product, and codebase, the goal would be to get you shipping product directly to customers as quickly as possible. Specifically, day to day, this looks like:
Evangelizing security across Metriport’s growing team - we will look to you for guidance, and training.
Driving full-stack security projects , big and small, end-to-end from ideation to production rollout.These projects could include things like:
Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack.
Implement fine grained RBAC on the API key access layer, and more robust roles on our UIs.
Help us revamp our internal security policies and put tools in place to keep the platform, and employees, secure while still allowing the team to be efficient.
Helping the engineering team with PR reviews with a security-focused lens.
Work with the Go to Market team to complete customer security assessments and questionnaires.
Work with the engineering team to harden security across the development lifecycle - think secret management, access controls, and vulnerability scanning.
Managing your own work in Linear.
Participating in bi-weekly sprint planning / retro sessions, and quarterly planning sessions.
Attending a daily 30 minute remote stand-up at 7:30am PST Mon-Fri (our only regular mandatory meeting).
Requirements
You have 6+ years experience in security engineering and information security.
You’re located in San Francisco or the Bay Area (or willing to relocate).
Familiar with HIPAA compliant environments.
Experience rolling out and maintaining security frameworks like SOC 2, NIST, HITRUST, FedRAMP, etc.
Experience rolling out data protection technologies like SSO, MFA, VPN, FIPS, etc.
Experience with organizational secret management.
Experience implementing SCA, SAST, DAST in CICD workflows.
Experience with Mobile Device Management (MDM).
Proficiency in cloud security & networking on AWS - IAM, WAF, KMS, etc.
Proficiency in authentication, cryptography, encryption, and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc.
Bonus: experience with IHE profiles (ATNA, CT, XUA).
Benefits
Competitive equity + compensation package 🚀
Salary range: $160,000,00 - $220,000.00
Full family Platinum health insurance, dental, and vision coverage 🦷
401(k) retirement plan + matching 💰
Flexible work from home or in-office 🏢
Healthy lunches are complimentary when working in-office (and breakfast + dinners as needed) 🍏
Quarterly company off-sites with the team ⛷️
MacBook provided by us 💻
Unlimited PTO (we work hard, but trust you to take time you need to be at your best) 🧘♂️
Our tech
On the frontend, we use React - on the backend, we rely on Node.js and TypeScript for writing core business logic. We deploy a wide range of AWS cloud services (ie ECS, Fargate, Lambda, etc), and manage our infrastructure as code with AWS CDK. Data lives in PostgreSQL, DynamoDB, S3, Snowflake, FHIR servers, and more. We use Oneleet for security and compliance.
Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities.
|
