Product Security Engineer

We’re fixing one of the most broken and costly pieces of the US healthcare system: medical billing.

Today, healthcare providers spend over $250B each year on administrative overhead just to get paid by insurance. Medical billing is expensive because it’s nuanced and hard - maybe ~100x harder than credit card payment processing - and because it’s traditionally done by armies of humans who track and manage complex rules and processes specific to individual insurance companies with little or no supporting software. We’re rethinking medical billing from the ground up, building software backed by best-in-class data science (and, soon, a dash of machine learning) to automate much of this complexity so healthcare providers can get paid dramatically more easily and inexpensively.

We were in the Y Combinator W20 batch and have since been well funded by a world-class group of funds (8VC, First Round Capital, BoxGroup, Oak HC/FT) + angel investors. We're now helping our customers treat opioid addiction, provide holistic care for women, lose weight, increase access to mental health care, and much more. This is such important and gratifying work; we can't wait for you to join our team and help support some of the most important innovation happening in healthcare today!

Curious to learn more about our story? Check out this blog post written by our founders.

We are looking for a Product Security Engineer to join our team and act as a champion for security within our product engineering organization. You will be responsible for ensuring our products are designed, developed, and maintained with security as a core pillar. You will work in partnership with development squads to perform threat modeling, guide secure architecture decisions, and automate security gates in our CI/CD pipelines.

• →

• Proficiency in one or more programming languages (e.g., Python, Go, Java, or JavaScript).

• Deep understanding of modern web/cloud architecture (e.g., APIs, Microservices, Kubernetes, AWS/GCP/Azure).

• Familiarity with the OWASP Top 10 and common exploitation techniques.

• Experience with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).

• Experience in designing cryptographic implementations or secure authentication/authorization flows (e.g., OAuth, OIDC, JWT).

• Knowledge of compliance frameworks relevant to our industry (e.g., SOC2, ISO27001, HIPAA).

The estimated starting annual salary range for this position is $180,000 - 258,000 USD. The listed range is a guideline from Pave data, and the actual base salary may be modified based on factors including job-related skills, experience/qualifications, interview performance, market data, etc. Total compensation for this position may also include equity, sales incentives (for sales roles), and employee benefits. Given Candid Health’s funding and size, we heavily value the potential upside from equity in our compensation package. Further note that Candid Health has minimal hierarchy and titles, but has broad ranges of experience represented within roles.