Staff Security Engineer

Prenuvo – Staff Security Engineer Location: Vancouver (hybrid work model) Company Overview At Prenuvo, our mission is to shift from reactive “sick‑care” to proactive health care. Our award‑winning whole‑body scan is fast (under 1 hour), safe, and non‑invasive, and it is powered by an integrated stack of optimized hardware, software, and AI. We are a fast‑growing health‑tech startup committed to scaling securely and responsibly. Job Description We are looking for a Staff Security Engineer to lead initiatives that secure mission‑critical services such as authentication, PII handling, and health data systems. This role sits at the intersection of platform engineering and security and drives the secure architecture and modernization of our core backend services. Responsibilities Lead the secure architecture and modernization of our core backend services and authentication infrastructure Drive redesign of our Auth0 integration using best‑practice patterns (e.g., forward‑auth, session tokenization, fine‑grained scopes) Spearhead our transition of services behind AWS API Gateway, designing secure and scalable ingress patterns Triage and resolve security issues identified by tools like Aikido, Vanta, and cloud‑native services (e.g., AWS Inspector) Define and implement secure defaults and infrastructure policies across CI/CD, IaC, and runtime environments Conduct threat modeling for new features and services; create reusable models and playbooks for engineering teams Collaborate with product and compliance teams to ensure our architecture supports HIPAA, ISO 27001, and other regulatory requirements Mentor engineers in secure coding practices, security review processes, and privacy‑conscious design Influence decisions across authentication flows (OAuth2, OpenID Connect), identity federation, and permission boundaries Qualifications 10+ years of experience in backend/platform engineering with a strong focus on application and infrastructure security Knowledge of forward‑auth proxies (e.g., OAuth2 Proxy, Traefik) and secure session management patterns Experience working with OAuth2, Auth0, or similar identity management systems at scale Hands‑on experience implementing API Gateway patterns and managing authentication/authorization at the edge Deep understanding of secure coding practices, vulnerability management, and secure cloud architectures Familiarity with compliance standards such as HIPAA, ISO 27001, or SOC 2, and how they translate into technical requirements Proven experience driving cross‑functional security initiatives and working with Security, DevOps, and Product teams Expertise in Python (FastAPI or Flask) and modern CI/CD tools (GitHub Actions, CircleCI) Experience handling incident response, including RCA and vulnerability remediation planning Strong communication and leadership skills with the ability to make progress in ambiguity Nice to Have Experience with infrastructure‑as‑code (Terraform, Pulumi, AWS CDK) and automated policy enforcement tools (OPA, Aikido, Vanta) Experience working with containerized development environments and tools like containers.dev, LocalStack Familiarity with healthcare interoperability standards or data types (DICOM, HL7, FHIR, etc.) Our Values We are pioneers, transforming healthcare with divergent thinking and disciplined experimentation. We are platform‑builders, continuously building foundations to achieve tomorrow. We are patients, dedicated to improving the lives of those we serve. Benefits Opportunity to make a positive impact on people’s health. Free whole‑body scans for each team member. Growth opportunities with no single path to success. Weekly team gatherings for connection and socialization. Flexible vacation policy to encourage restorative time. Comprehensive benefits package including health, dental, vision, and mental health coverage. The base salary ranges from $144,000 to $217,000 in local currency, depending on experience. Equal‑Opportunity Employer We are an equal‑opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. As part of the hiring process, successful candidates will undergo a background check in compliance with applicable federal, provincial, and state rules. Official communication from our recruitment team will only come from our authorized domain: prenuvo.com. If contacted by a recruiter, ensure their email address ends with @prenuvo.com. We do not use third‑party recruitment services or any other email domains for hiring purposes. If you receive communication that you believe to be fraudulent, please report it immediately to jobs@prenuvo.com. #J-18808-Ljbffr