Senior Security Engineer

Remote, USA
Posted Jun 13, 2026
Full-time

Solace is a healthcare advocacy marketplace that connects patients and families to experts who help them understand and take charge of their personal health.

About the Role

We’re looking for a Senior Security Engineer to join our security team as our second security hire. You’ll play a foundational role in building and scaling our corporate security program, security operations, and governance functions as we rapidly grow from 200 to 400+ employees.

This is a high-impact role where you’ll own critical security and compliance initiatives across the organization. You’ll work directly with IT, HR, Legal, and leadership teams to build robust security controls, drive awareness, and establish a security-first culture while maintaining the agility a Series B startup requires.

About Solace

Healthcare in the U.S. is fundamentally broken. The system is so complex that 88% of U.S. adults do not have the health literacy necessary to navigate it without help. Solace cuts through the red tape of healthcare by pairing patients with expert advocates and giving them the tools to make better decisions—and get better outcomes.

We’re a Series B startup, founded in 2022 and backed by Inspired Capital, Craft Ventures, Torch Capital, Menlo Ventures, and Signalfire. Our fully remote U.S. team is lean, mission-driven, and growing quickly.

Solace isn’t a place to coast. We’re here to redefine healthcare—and that demands urgency, precision, and heart. If you’re looking to stretch yourself, sharpen your edge, and do the best work of your life alongside a team that cares deeply, you’re in the right place. We’re intense, and we like it that way.

Read more in our Wall Street Journal funding announcement here.

What You’ll Do

Identity & Access Management (Primary Focus)

Manage and optimize Okta SSO deployment across 70+ SaaS applications

Implement and enforce role-based access controls (RBAC) and least privilege principles

Lead quarterly access reviews and user lifecycle management

Drive adoption of MFA and implement conditional access policies

Oversee endpoint management via Jamf and device compliance standards

Security Governance & Compliance

Drive HIPAA and SOC 2 compliance maintenance through Vanta

Manage vendor risk assessment program and Business Associate Agreement (BAA) collection for 70+ vendors

Develop and maintain security policies, standards, and procedures

Support customer security assessments and RFP responses

Prepare for HITRUST certification and future IPO readiness requirements

Security Awareness & Training

Design and deliver security awareness training

Create role-specific training programs (HIPAA, phishing, data handling, incident response)

Build and maintain security documentation and knowledge base

Develop metrics and reporting on training completion and effectiveness

Partner with HR on security onboarding and offboarding processes

Security Operations & Monitoring

Implement and tune security monitoring and alerting systems

Manage security logging and audit trail requirements for HIPAA compliance

Conduct security assessments and risk analysis

Lead incident response coordination and post-incident reviews

Track and remediate security findings from audits and assessments

Risk Management & Third-Party Security

Maintain risk register and coordinate risk treatment activities

Conduct vendor security assessments and ongoing monitoring

Support procurement reviews for security and compliance implications

Manage security aspects of contractor access and data handling


What You Bring to the Table

  • 4+ years in corporate security, GRC, security operations, or similar roles

  • Hands-on experience with identity and access management (Okta, Azure AD, or similar IAM platforms)

  • Practical HIPAA implementation experience in healthcare or regulated environments

  • Experience building security awareness programs and delivering training to diverse audiences

  • Demonstrated success implementing security controls in cloud-first organizations

  • Familiarity with compliance frameworks (SOC 2, HIPAA, HITRUST) and audit processes

  • Experience with endpoint management solutions (Jamf, Intune, or similar)

  • Security certifications (CISSP, CISM, CISA, Security+, or similar)

  • Experience with GRC platforms (Vanta, Drata, SecureFrame)

  • Background in IT systems administration or helpdesk

  • Experience managing security for remote/distributed workforces

  • Familiarity with vendor risk management platforms

  • Knowledge of data privacy regulations (GDPR, CCPA)

  • Ability to collaborate and balance security rigor with business enablement

Applicants must be based in the United States.

Up for the Challenge?

We look forward to meeting you.

Fraudulent Recruitment Advisory: Solace Health will NEVER request bank details or offer employment without an interview. All legitimate communications come from official solace.health emails only or ashbyhq.com. Report suspicious activity to recruiting@solace.health or advocate@solace.health.
