Nearly every disease will become treatable in our lifetimes. Mandolin is laying the clinical and financial infrastructure to get groundbreaking treatments to patients faster, powered by AI agents.
Mandolin partners closely with the largest healthcare institutions in the US, covering more than $10B in drug spend across the country. We're backed by Greylock, SV Angel, Maverick, SignalFire, and the founders of Vercel, Decagon, and Yahoo.
Mandolin’s usage is climbing quickly and we’re preparing for a broad public launch. The platform must deliver enterprise-grade reliability, airtight security, and effortless developer productivity while processing sensitive healthcare data. We’re looking for a DevSecOps leader who can build and operate a rock-solid cloud foundation—then codify the best-practice guardrails that every engineer will rely on as we scale.
We’re looking for a senior security practitioner to own the security posture of our cloud infrastructure and software delivery lifecycle.
This isn't just a compliance checklist role; it's a builder's role.
You will design and support the zero-trust foundation, embed security tooling into our developer workflows, and lead proactive threat detection efforts while ensuring our platform on Public Cloud scales safely and efficiently.
Architect Zero-Trust Infrastructure on Public Cloud: Design and own resilient cloud infrastructure using Pulumi. Establish strict Zero Trust Networking (ZTN) principles and enforce service-to-service authentication with mTLS. Define autoscaling policies and HA networking for Kubernetes (GKE) and serverless workloads that balance security and cost efficiency.
Lead Proactive Security & Threat Hunting: Go beyond scanning. Implement threat hunting strategies across our code repositories and CI/CD pipelines. Deploy, tune, and operationalize a SIEM to correlate events across cloud logs, Kubernetes audit trails, and application telemetry.
Secure the SDLC & Developer Experience: Own the security toolchain from commit to deploy. Integrate SAST, dependency scanning, and container image scanning (OWASP-aligned) directly into GitHub Workflows and ArgoCD rollouts. Help developers move fast without breaking things by providing secure "golden path" runbooks and dev-containers.
Governance, Compliance & Secrets Lifecycle: Drive the technical implementation for SOC 2 and HIPAA compliance. Centralize secrets management and enforce automated certificate rotation. Implement IaC compliance checks to prevent misconfigurations before they reach production.
Operationalize Observability & Incident Response: Maintain observability pipelines (Prometheus/Grafana/Cloud Logging) with an eye toward security signal-to-noise. Define actionable SLOs for security controls and lead incident response playbooks for cloud-native threats.
Cross-Functional Security Leadership: Partner with backend teams to review architecture for security flaws and scalability. Be the subject matter expert for internal developer platform security.
8+ years in Security Engineering, DevOps, or Site Reliability, with a deep security focus.
GCP Security Mastery: Deep hands-on experience securing public cloud environments, especially Cloud Run, GKE, IAM, and VPC Service Controls.
Zero-Trust & mTLS: Proven experience implementing a service mesh or mTLS encryption between services in a containerized environment.
Proactive Defense: Experience conducting proactive threat hunting in codebases and CI logs, not just reacting to scanner alerts.
SIEM & Detection Engineering: Experience deploying and managing a SIEM platform in a cloud-native environment.
IaC & GitOps Security: Expert-level proficiency in Pulumi (preferred) or Terraform, paired with strong operational knowledge of ArgoCD/Argo Workflows.
Application Security Fundamentals: Strong background in OWASP Top 10, dependency confusion prevention, and container image hardening.
Compliance & Cert Management: Working knowledge of SOC 2 and HIPAA technical controls, and a deep understanding of automated secret and certificate rotation strategies.
Experience with workflow orchestration platforms (Temporal, Cadence, Airflow).
Experience building internal developer platforms or developer portals (Backstage, etc.).
Familiarity with Workload Identity Federation and policy-as-code (OPA/Gatekeeper).