At Nuna, our mission is to make high-quality healthcare affordable for everyone. We are dedicated to tackling one of our nation’s biggest problems with ingenuity, creativity, and a keen moral compass.

Nuna is committed to simple principles: a rigorous understanding of data, modern technology, and most importantly, compassion and care for our fellow humans. We want to know what really works, what doesn't—and why.

Nuna partners with healthcare payers, including government agencies, health plans, and self-insured employers, to turn data into learnings and information into meaning.

The Nuna Security team is responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data entrusted to our organization. We stay ahead of the constantly evolving threat landscape by building and maintaining automated solutions, fostering a security aware culture across teams, and constantly challenging assumptions. We thrive on our ability to participate and give back to the healthcare industry and security community through leadership, education, and code.

As a Senior Security Engineer, you will protect the data of tens of millions of Americans by working closely with our distributed compliance, privacy, and engineering teams to audit and harden our products and internal tooling. As part of this role, you will:
  • Collaborate with engineering and product stakeholders to build threat models and design controls to ensure that our nation-scale healthcare data is protected.
  • Partner with other teams to identify and evaluate risk and provide recommendations for mitigation and remediation.
  • Encourage adoption of security best practices and architecture changes throughout the company via evangelism and education.
  • Lead the design and development of security capabilities such as static analysis, threat modeling, security requirements enforcement, and security linting as part of a CI/CD development process.
  • Mentor and educate other security engineers about best practices, scalable security tooling, secure AWS development, etc.

Skills and responsibilities

  • 5+ years of security experience with a clear understanding of industry best practices and a demonstrated ability to respond to evolving risks.
  • Proven leadership, organization, and communication skills. Possessing the ability to effectively prioritize tasks across multiple stakeholders.
  • Capable of analyzing requirements, designing system-level threat models, and defining and managing resultant security requirements.
  • Proficient at configuring and hardening Linux and ancillary services using cloud orchestration and infrastructure-as-code.
  • Proficient with authentication and authorization technologies such as Active Directory and SSO/SAML.
  • Proficient with log analysis and auditing platforms such as Splunk.
  • Proficient with Python or related scripting languages with experience applying fundamental computer science & software engineering practices.

Bonuses include...
  • Experience with healthcare and government regulatory requirements.
  • Willingness to conduct research, write white papers, and present technical content at local events and conferences.

Technologies Used By Security to Support our Work at Nuna:
  • Cloud: EC2, S3, SQS, RedShift, EMR, RDS, ELB, AWS VPCs and networking, etc
  • Operating systems: Linux, OS X and Windows
  • Languages: Python, Go, Bash (knowledge of Java and Javascript a plus)
  • Cloud orchestration framework: Vagrant, Packer, Jenkins, CloudFormation
  • Metrics and reporting: Splunk, AWS Config, AWS SNS, AWS CloudWatch
  • Coordination & collaboration tools: Jira, Confluence, Slack, GSuite


  • Location:
    San Francisco
    Remote hiring available in: CA, UT, WA, MA, CT, MD, VA, NY, IL, and DC
  • This job is remote friendly.
  • Deadline: n/a


Minimum qualifications