Senior Security Engineer

Solace is a healthcare advocacy marketplace that connects patients and families to experts who help them understand and take charge of their personal health

About the Role

We're looking for a Senior Security Engineer to join our security team as our second security hire. You'll play a foundational role in building and scaling our corporate security program, security operations, and governance functions as we rapidly grow from 200 to 400+ employees.

This is a high-impact role where you'll own critical security and compliance initiatives across the organization. You'll work directly with IT, HR, Legal, and leadership teams to build robust security controls, drive awareness, and establish a security-first culture while maintaining the agility a Series B startup requires.

About Solace 🔥

Healthcare in the U.S. is fundamentally broken. The system is so complex that 88% of U.S. adults do not have the health literacy necessary to navigate it without help. Solace cuts through the red tape of healthcare by pairing patients with expert advocates and giving them the tools to make better decisions—and get better outcomes.

We're a Series B startup, founded in 2022 and backed by Inspired Capital, Craft Ventures, Torch Capital, Menlo Ventures, and Signalfire. Our fully remote U.S. team is lean, mission-driven, and growing quickly.

Solace isn't a place to coast. We're here to redefine healthcare—and that demands urgency, precision, and heart. If you're looking to stretch yourself, sharpen your edge, and do the best work of your life alongside a team that cares deeply, you're in the right place. We’re intense, and we like it that way.

Read more in our Wall Street Journal funding announcement here._

What You'll Do

Identity & Access Management (Primary Focus)

• Manage and optimize Okta SSO deployment across 70+ SaaS applications
• Implement and enforce role-based access controls (RBAC) and least privilege principles
• Lead quarterly access reviews and user lifecycle management
• Drive adoption of MFA and implement conditional access policies
• Oversee endpoint management via Jamf and device compliance standards

Security Governance & Compliance

• Drive HIPAA and SOC 2 compliance maintenance through Vanta
• Manage vendor risk assessment program and Business Associate Agreement (BAA) collection for 70+ vendors
• Develop and maintain security policies, standards, and procedures
• Support customer security assessments and RFP responses
• Prepare for HITRUST certification and future IPO readiness requirements

Security Awareness & Training

• Design and deliver security awareness training
• Create role-specific training programs (HIPAA, phishing, data handling, incident response)
• Build and maintain security documentation and knowledge base
• Develop metrics and reporting on training completion and effectiveness
• Partner with HR on security onboarding and offboarding processes

Security Operations & Monitoring

• Implement and tune security monitoring and alerting systems
• Manage security logging and audit trail requirements for HIPAA compliance
• Conduct security assessments and risk analysis
• Lead incident response coordination and post-incident reviews
• Track and remediate security findings from audits and assessments

Risk Management & Third-Party Security

• Maintain risk register and coordinate risk treatment activities
• Conduct vendor security assessments and ongoing monitoring
• Support procurement reviews for security and compliance implications
• Manage security aspects of contractor access and data handling

What You Bring to the Table

• 4+ years in corporate security, GRC, security operations, or similar roles
• Hands-on experience with identity and access management (Okta, Azure AD, or similar IAM platforms)
• Practical HIPAA implementation experience in healthcare or regulated environments
• Experience building security awareness programs and delivering training to diverse audiences
• Demonstrated success implementing security controls in cloud-first organizations
• Familiarity with compliance frameworks (SOC 2, HIPAA, HITRUST) and audit processes
• Experience with endpoint management solutions (Jamf, Intune, or similar)
• Security certifications (CISSP, CISM, CISA, Security+, or similar)
• Experience with GRC platforms (Vanta, Drata, SecureFrame)
• Background in IT systems administration or helpdesk
• Experience managing security for remote/distributed workforces
• Familiarity with vendor risk management platforms
• Knowledge of data privacy regulations (GDPR, CCPA)
• Ability to collaborate and balance security rigor with business enablement

Applicants must be based in the United States.