Synthesis Health · 2 days ago
Staff Security Engineer
United States
Full-time
Remote
Senior Level, Lead/Staff
$150K/yr - $180K/yr
8+ years expSynthesis Health is a mission- and values-driven company dedicated to revolutionizing healthcare through innovation. They are seeking a Staff Security Engineer to own the identity management landscape and serve as the primary technical authority, leading high-stakes technical conversations with enterprise customers while ensuring compliance and security posture through automation.
Health CareMedicalWellness
Responsibilities
Own the Complete Identity Stack: You will architect the end-to-end identity strategy for the platform. This includes the token management infrastructure (minting, validation, rotation, revocation), session handling, and the rigorous implementation of identity standards (OIDC, SAML 2.0, OAuth 2.0)
Enterprise Technical Partnership: You will serve as the primary technical voice for Identity during critical pre-sales and onboarding conversations. You will lead technical deep dives with customer security teams, translating their complex legacy requirements into modern, secure integration patterns
Frictionless Federation: You will build the architecture for seamless hospital onboarding, automating the provisioning of users via upstream identity signals (SCIM, JIT provisioning) while ensuring Zero Trust principles are maintained
Compliance as Code: You will automate the evidence collection and enforcement of our compliance controls (ISO 27001, SOC2, HIPAA). You will build tooling that continuously monitors our cloud environment (GCP) for drift and auto-remediates violations
Audit Leadership: You will serve as the technical lead for external security audits, translating complex auditor requirements into engineering tasks and demonstrating our security posture through automated proofs
Secure Software Supply Chain: You will secure our CI/CD pipelines, implementing signing (Sigstore/Cosign), vulnerability scanning (SBOM), and secrets management strategies
Mentorship & Culture: You will elevate the security consciousness of the organization. You will mentor engineers on common vulnerability patterns (OWASP Top 10) and lead threat modeling sessions for critical new features
Qualification
Required
8+ years of security engineering experience, with a specialized focus on Identity and Access Management (IAM)
Expert in the mechanics of token infrastructure (JWTs, JWKS, refresh tokens) and B2B federation
Presence and depth to lead high-stakes technical meetings
Ability to effectively communicate complex security architectures to external CISOs and architects, establishing immediate trust and authority
Successfully automated compliance frameworks (SOC2 Type II, ISO 27001, HIPAA) in a cloud-native environment
Deep hands-on experience securing Google Cloud Platform (GCP) or AWS
Understanding of IAM roles, VPC Service Controls, and organization-level policies
Ability to read and write code (Go, Python, TypeScript)
Ability to perform code reviews, identify complex logic flaws, and write custom security tooling
Preferred
Experience handling PHI (Protected Health Information) and understanding the specific security requirements of the HIPAA Security Rule
CISSP, CCSP, or Google Professional Cloud Security Engineer certifications (valued, but experience trumps paper)
Benefits
Medical
Dental
Vision
"Use as needed" vacation policy
Participation in our employee option program
Company
Synthesis Health
Synthesis Health provides diagnostic and interventional radiology services.
51-200 employees
Funding
Current Stage
Growth StageTotal Funding
$1.83M2025-08-06Series Unknown· $1.83M
2023-01-01Seed
Leadership Team
Deepak Kaura
Chief Product Officer
Recent News
Google Patent
2025-05-05
2025-05-05
Company data provided by crunchbase