Apply on Employer Site

Doctronic · 6 hours ago

Information Security Engineer

New York, NY

Full-time

Onsite

Senior Level

$180K/yr - $240K/yr

7+ years exp

Doctronic is the first AI legally authorized to practice medicine, processing millions of consultations monthly with high accuracy. The Information Security Engineer will be responsible for maintaining and strengthening the company's security posture, ensuring compliance with HIPAA and SOC 2 Type II as they scale their operations.

Artificial Intelligence (AI)Generative AIHealth CareHealth DiagnosticsMachine LearningPersonal Health

Responsibilities

Maintain SOC 2 Type II compliance and manage ongoing audits with external assessors

Implement and monitor HIPAA technical safeguards across our infrastructure and applications

Conduct and coordinate regular penetration testing, vulnerability assessments, and security reviews

Complete vendor security reviews and respond to enterprise security questionnaires from health systems and payers

Implement and enforce security policies across engineering, operations, and business teams

Respond to security incidents with urgency and thoroughness, conducting post-incident analysis

Build security automation and monitoring to scale protection as the company grows

Collaborate with engineering teams to embed security best practices into the development lifecycle

Stay current on emerging threats, vulnerabilities, and regulatory requirements in healthcare technology

Qualification

SOC 2 complianceHIPAA compliancePenetration testingCloud securityAWS security controlsSecurity automationSecurity policiesSecurity incident responseCommunicatorProactive problem-solverCollaborative partnerHealthcare backgroundSecurity certificationsApplication security

Required

7+ years of information security experience in production environments

Healthcare or fintech background required—you understand regulated industry security requirements

Hands-on technical ability, not just policy and paperwork—you can read code, configure systems, and investigate incidents

Deep experience with SOC 2, HIPAA, or equivalent compliance frameworks

Familiarity with AWS security controls, IAM, encryption, and cloud security best practices

Strong communicator who can translate security requirements for technical and non-technical audiences

Proactive problem-solver who anticipates risks before they materialize

Collaborative partner who enables teams to move fast while staying secure

Preferred

CISSP, CISM, CISA, or equivalent security certification

Experience with health information exchanges, TEFCA, QHIN, or interoperability standards

Startup security experience—building security programs from scratch vs. maintaining established ones

Familiarity with AI/ML security considerations and model protection

Experience with mobile app security (iOS/Android)

Knowledge of medical device security standards or FDA digital health guidance

Background in application security, secure SDLC, or DevSecOps

Benefits

Equity Opportunities

Comprehensive Health Benefits

Dental, and vision coverage—plus mental health support and flexible time off

Company

Doctronic

Doctronic is the #1 AI doctor delivering secure, accurate, and instant medical guidance & seamless access to licensed physicians 24/7

Founded in 2024

New York, New York, USA

51-200 employees

https://www.doctronic.ai

Funding

Current Stage

Growth Stage

Total Funding

$25M

Key Investors

Lightspeed Venture PartnersUnion Square Ventures

2025-09-15Series A· $20M

2025-04-17Seed· $5M

Leadership Team

Matt Pavelle

Co-founder and co-CEO

Byron Crowe

Chief Medical Officer

Recent News

STAT

Opinion: STAT+: After FDA’s pivot on clinical AI, we need AI safety research more than ever

2026-01-16

Ars Technica - All content

AI starts autonomously writing prescription refills in Utah

2026-01-09

semafor.com

Utah becomes first US state to test AI prescriptions

2026-01-08

Company data provided by crunchbase