Lead Security Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • 8+ years of experience in web application security or related engineering roles.
  • Proficiency with secure web development and auditing practices, including input validation and encryption.
  • Familiarity with regulatory frameworks, particularly HIPAA compliance.
  • Experience working in a start-up environment and knowledge of threat modeling and vulnerability scanning tools.

Key responsibilities:

  • Own web application security across all products and services, including React and Node.js applications.
  • Conduct regular threat modeling, vulnerability assessments, and penetration testing.
  • Work cross-functionally with engineering, DevOps, and compliance teams to ensure adherence to HIPAA and SOC 2 standards.
  • Lead investigations of security incidents and provide training on secure development practices.

Solace Online Marketplace and E-commerce Startup http://solace.health/
2 - 10 Employees

Job description

Solace is a healthcare advocacy marketplace that connects patients and families to experts who help them understand and take charge of their personal health.

🔥 About Solace

By harnessing the power of human connection through technology, Solace is transforming healthcare in the U.S.

Healthcare in the U.S. is fundamentally broken. The system is so complex that 88% of U.S. adults do not have the health literacy necessary to navigate the system without help. By helping people work with professional health advocates, Solace serves as an integral, personal support layer for health issues in a way that the health system can’t. Using proprietary technology to match patients with experienced advocates, Solace cuts through the red tape of healthcare and helps individuals and families make informed decisions that result in better outcomes.

Solace is a Series B startup founded in 2022 and backed by Inspired Capital, Craft Ventures, Torch Capital, Menlo Ventures and Signalfire. We have a lean, fully-remote U.S. team distributed coast-to-coast.

Check out our recent funding announcement in the WSJ here.

🧑‍💻 About the Role

We’re looking for a Lead Security Engineer to be our first security engineering hire and build out our security department from scratch. You will lead the charge in securing our patient-facing and internal web applications. You’ll be responsible for protecting sensitive health data, staying ahead of evolving threats, and shaping the security posture of a platform that directly impacts patients' lives.

This role is a critical hire as we continue to scale, balancing agility and speed with robust, scalable security practices. You will own end-to-end security processes and implementation.

What You’ll Do
  • Own web application security across all our products and services (React, Node.js, PostgreSQL, Heroku).

  • Promote a security-first culture within the organization by enforcing secure coding practices.

  • Analyze new and existing features for potential security risks.

  • Conduct regular threat modeling, vulnerability assessments, and penetration testing (both automated and manual).

  • Work cross-functionally with engineering, DevOps, and compliance teams to ensure HIPAA, SOC 2, and general data privacy adherence.

  • Monitor, detect, and respond to potential threats in real time.

  • Lead investigations of security incidents and breaches, perform root cause analysis, and support post-incident remediation and reporting.

  • Stay current on web vulnerabilities (e.g., OWASP Top 10) and mitigate them proactively.

  • Help foster a security-first culture through training, documentation, and mentorship, providing guidance and training to engineering and product teams on secure development practices.

What You Bring to the Table
  • Experience working in a start-up environment.

  • 8+ years of experience in web application security or related engineering roles.

  • Proficiency with secure web development and auditing practices (e.g., input validation, authentication/authorization mechanisms, encryption in transit and at rest).

  • Experience with threat modeling, vulnerability scanning tools, and manual security testing.

  • Familiarity with regulatory/compliance frameworks.

  • Experience in healthcare or other regulated industries and knowledge of implementing HIPAA-compliant software.

Up for the Challenge?

We look forward to meeting you.

Fraudulent Recruitment Advisory: Solace Health will NEVER request bank details or offer employment without an interview. All legitimate communications come from official @solace.health emails only. Report suspicious activity to hiring@solace.health.

Required profile

Industry: Online Marketplace and E-commerce
Spoken language(s): English

Other Skills

  • Teamwork
  • Communication
