Staff Security Engineer

Gradient AI is a leading provider of AI solutions for the Group Health and P&C insurance industries. Our solutions improve loss ratios and profitability by predicting underwriting and claim risks with greater accuracy, as well as reducing quote turnaround times and claim expenses through intelligent automation. Gradient AI’s SaaS platform leverages a vast industry data lake comprising tens of millions of policies and claims, providing insurers with high resolution, data-driven insights. Customers include some of the most recognized insurance carriers, MGAs, MGUs, TPAs, risk pools, PEOs, and large self-insured employers across all major lines of insurance. Founded in 2018, Gradient has experienced strong growth every year, and recently raised $56 million in Series C funding from top Insurtech investors.

About the Role:

We are in search of a Staff Security Engineer to manage our overall security posture. You will have a broad knowledge of the security landscape and be able to leverage that knowledge into actionable controls and metrics to make us more secure overall. We are prioritizing candidates based locally in Boston at this time. This role may require periodic onsite presence at our HQ.

How you will make an impact:

Risk/Compliance

• Lead the evaluation for HITRUST certification and SOC2 report
• Assess and improve network & data security
• Implement and automate cloud configuration management to ensure security best practices, compliance, and continuous risk mitigation

Security Operations

• Drive enterprise security initiatives that enhance the organization’s resilience against cyber threats
• Manage and optimize our Security Information and Event Management (SIEM) system to ensure accurate threat detection and effective response
• Develop and fine-tune detection rules to identify and mitigate security threats in real time
• Conduct assessments, penetration tests, and vulnerability scans to identify and remediate security gaps
• Ensure timely patching of systems and applications to reduce exposure to known exploits
• Deploy and manage endpoint detection response (EDR) solutions to monitor, detect, and respond to endpoint threats
• Manage user authentication, permissions, and identity security to protect access to critical systems
• Implement and enforce mobile device management (MDM) security policies to safeguard corporate endpoints

Skills needed to succeed:

• Hands-on experience in security systems within AWS
• 5+ years of experience as System Security Engineer or Information Security Engineer
• Experience managing security audits for SOC2 or HITRUST
• Experience in building and maintaining security systems
• Security Information Event Management (SIEM) solutions

Nice to haves:

• Familiarity with securing PHI and PII
• Experience with Data Loss Prevention (DLP)
• Security related Certifications

What We Offer:

• A fun, team-oriented startup culture.
• Generous stock options - we all get to own a piece of what we’re building.
• Flexible schedule that supports working from home.
• Full benefits package includes medical, dental, vision, 401k, paid paternal leave, and more.
• Ample opportunities to learn and take on new responsibilities.

We are an equal opportunity employer.

* indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile *

Will you now or in the future require immigration sponsorship to work in the United States? * Select...

Do you have hands-on experience in security systems within AWS? * Select...

Do you have experience managing security audits for SOC2 or HITRUST? * Select...