Back to Jobs
CharliehealthDevelopment 2d ago

Lead Security Engineer

Remote (United States)
Full-time
$180,000 - $240,000

Job Description

Why Charlie Health?

Millions of people across the country are navigating mental health conditions, substance use disorders, and eating disorders, but too often, they’re met with barriers to care. From limited local options and long wait times to treatment that lacks personalization, behavioral healthcare can leave people feeling unseen and unsupported.

Charlie Health exists to change that. Our mission is to connect the world to life-saving behavioral health treatment. We deliver personalized, virtual care rooted in connection—between clients and clinicians, care teams, loved ones, and the communities that support them. By focusing on people with complex needs, we’re expanding access to meaningful care and driving better outcomes from the comfort of home.

As a rapidly growing organization, we're reaching more communities every day and building a team that’s redefining what behavioral health treatment can look like. If you're ready to use your skills to drive lasting change and help more people access the care they deserve, we’d love to meet you.

About the Role

Charlie Health is seeking an experienced Lead Security Engineer to join our Information Security team. In this role, you will partner closely with engineering and product teams to embed secure development practices across the entire software development lifecycle (SDLC). You will be the subject matter expert on application and cloud infrastructure security, guiding the business in building secure, scalable and HIPAA-compliant software solutions.

Responsibilities

  • Lead application security program including SAST/DAST integration, security code reviews and developer training.
  • Perform threat modeling and architecture reviews to identify potential security risks early in design phases.
  • Integrate security tooling and automate security processes into CI/CD and DevOps pipelines.
  • Manage application and cloud security vulnerability management program including configuration of scanning tools, validation and prioritization of findings, and remediation of risks.
  • Review and document new third-party integrations with Charlie Health applications and cloud infrastructure.
  • Perform internal penetration testing and manage third-party penetration tests.
  • Work with teams to build and enforce secure SDLC controls in a fast-paced agile environment.
  • Develop cloud security configuration baselines and monitor for gaps.
  • Document business continuity and disaster recovery procedures for cloud infrastructure environment.
  • Participate in security incident response activities related to Charlie Health applications and infrastructure systems.
  • Help define metrics and KPIs that demonstrate the effectiveness of the application and cloud security programs

Required Qualifications

  • 7+ years of experience in application security, secure software development, cloud security or related roles.
  • Bachelor’s degree in Computer Science or related field, or equivalent experience.
  • Proficiency in secure coding practices and languages such as Typescript, Node, Python, Java, C++ or similar.
  • Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, Fiddler).
  • Knowledge of container security concepts, including container image scanning, secure image pipelines, and common misconfigurations in containerized environments.
  • Deep understanding of web application vulnerabilities: XSS, CSRF, SQLi, session management, etc.
  • Experience implementing security in CI/CD pipelines such as GitHub Action and agile development workflows.
  • Familiarity with AWS cloud platform and AWS security best practices.
  • Familiarity with management and deployment of SAST, DAST, and SCA tooling
  • Knowledge of authentication technologies (i.e. Auth0, Okta, etc) and how to securely integrate them with applications
  • Strong communication skills with ability to clearly articulate risk to technical and non-technical audiences.

Preferred Qualifications

  • Experience with HIPAA and securing applications in healthcare, or other regulated, environments.
  • OSCP, OSWE, AWS Security or other relevant security certifications.
  • Experience securing custom software collaboratively on a team.
  • Experience with Wiz or similar CNAPP tools.
  • Knowledge of AI/ML security best practices.
  • Familiarity with Infrastructure as Code (IaC).
  • Knowledge of security standards such as SOC2, ISO 27001/2, NIST 800-53, HITRUST, or HIPAA Security Rule.

Why Join Us?

At Charlie Health, security is foundational to our mission of delivering high-quality virtual mental healthcare. You’ll play a key role in shaping our security program, building secure-by-design solutions that impact lives every day. We’re a collaborative, mission-driven team that values continuous learning and innovation in pursuit of protecting our users and data.

Benefits

Charlie Health is pleased to offer comprehensive benefits to all full-time, exempt employees. Read more about our benefits here.

The total target base compensation for this role will be between $180,000 and $240,000 per year at the commencement of employment. Please note, pay will be determined on an individualized basis and will be impacted by location, experience, expertise, internal pay equity, and other relevant business considerations. Further, cash compensation is only part of the total compensation package, which, depending on the position, may include stock options and other Charlie Health-sponsored benefits.

Safety First

  • Never pay for a job application.
  • Do not share sensitive bank info.
  • Verify the client before starting work.