Staff Security Engineer

About Us

At Prenuvo, we are on a mission to flip the paradigm from reactive "sick-care" to proactive health care. Our award-winning whole body scan is fast (under 1 hour), safe (MRI has no ionizing radiation), and non-invasive (no contrast). Our unique integrated stack of optimized hardware, software, and increasingly AI, coupled with the patient-centric experience across our domestic and global clinics, have allowed us to lead the change against "we caught it too late again".

We're looking for a Staff Security Engineer to join our Core Platform team and help lead initiatives that secure mission-critical services such as authentication, PII handling, and health data systems. This is an impactful, high-leverage role for an engineer who thrives at the intersection of platform engineering and security, and who's excited to help a fast-growing health tech startup scale securely and responsibly.

You'll be empowered to make pragmatic technical decisions, lead architectural modernization, and spearhead efforts to harden systems, drive secure development practices, and ensure compliance with regulatory and internal standards.

This role is Vancouver-based with a flexible hybrid work model.

Help reshape the world through proactive healthcare while working with cutting-edge technology and high performing teams with deep expertise - join us to make a difference in people's lives

What You'll Do

• Lead the secure architecture and modernization of our core backend services and authentication infrastructure
• Drive redesign of our Auth0 integration using best-practice patterns (e.g., forward-auth, session tokenization, fine-grained scopes)
• Spearhead our transition of services behind AWS API Gateway, designing secure and scalable ingress patterns
• Triage and resolve security issues identified by tools like Aikido, Vanta, and cloud-native services (e.g., AWS Inspector)
• Define and implement secure defaults and infrastructure policies across CI/CD, IaC, and runtime environments
• Conduct threat modeling for new features and services; create reusable models and playbooks for engineering teams
• Collaborate with product and compliance teams to ensure our architecture supports HIPAA, ISO 27001, and other regulatory requirements
• Mentor engineers in secure coding practices, security review processes, and privacy-conscious design
• Own or influence decisions across authentication flows (OAuth2, OpenID Connect), identity federation, and permission boundaries

What You'll Bring

• 10+ years of experience in backend/platform engineering, with a strong focus or interest in application and infrastructure security
• Knowledge of forward-auth proxies (e.g., OAuth2 Proxy, Traefik, or custom) and secure session management patterns
• Experience working with OAuth2, Auth0, or similar identity management systems at scale
• Hands-on experience implementing API Gateway patterns and managing authentication/authorization at the edge
• Deep understanding of secure coding practices, vulnerability management, and secure cloud architectures
• Familiarity with compliance standards such as HIPAA, ISO 27001, or SOC 2, and how they translate into technical requirements
• Proven experience driving cross-functional security initiatives and working with Security, DevOps, and Product teams
• Expertise in Python (FastAPI or Flask) and modern CI/CD tools (GitHub Actions, CircleCI)
• Experience handling incident response, including RCA and vulnerability remediation planning
• Strong communication and leadership skills with the ability to make progress in ambiguity

Nice to Have

• Experience with infrastructure-as-code (Terraform, Pulumi, AWS CDK) and automated policy enforcement tools (e.g., OPA, Aikido, Vanta)
• Experience working with containerized development environments and tools like , LocalStack
• Familiarity with healthcare interoperability standards or data types (DICOM, HL7, FHIR, etc.)

Our Values 

First: we are Pioneers

• Transforming healthcare requires divergent thinking, bias for action, disciplined experimentation, and consistent grit and determination to maintain momentum. This journey is as challenging as it is rewarding.

Second: we are Platform-Builders

• We're always building foundations that allow us to achieve tomorrow more than we did today. We never lose sight of what's ahead – in a mindset of ownership and duty to our mission.

Above all: we are Patients

• We could all be the next person who walks through our very doors, seeking clarity or peace of mind. We are proud of our impact on our patients' lives, and we won't stop till everyone can benefit from our work.

What We Offer

• An avenue to make a positive impact on people's lives and their health
• We believe in preventative healthcare for everyone, including our team - Prenuvo provides free, whole-body scans to each team member 
• Growth opportunities are at the heart of our people journey, we're doing big things with bright minds - there is no single path to success, it can be shaped along the way
• Building strong relationships is at the core of everything we do - our team gets together each week to connect, share, and socialize 
• Recognizing time away to restore is vital to our wellbeing - we have a flexible vacation policy and we will encourage you to use it
• We offer a comprehensive benefits package including health, dental, vision, including Mental Health coverage, to support you and your family
• The base salary for this role ranges from $144,000- $217,000 in local currency, depending upon experience

We are an equal-opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

As part of the hiring process, successful candidates will undergo a background check in compliance to applicable federal, provincial, and state rules.

Please be advised that official communication from our recruitment team will only come from our authorized domain []. If you are contacted by a recruiter, please ensure their email address ends with We do not use third-party recruitment services or any other email domains for hiring purposes. If you receive communication that you believe to be fraudulent, please report it immediately to