[Remote] Staff Security Engineer

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Rightway is hiring a Staff Security Engineer to enhance the security maturity of their systems and AWS estate, supporting a better healthcare experience. This senior individual contributor role involves providing architectural judgment, hands-on execution, and leadership for the Application Security and Cloud Security functions, while collaborating with various teams to implement effective security controls.

Responsibilities

  • Direct the daily execution of the Application Security and Cloud Security functions, balancing near-term delivery, technical quality, and team development
  • Establish technical priorities, decision frameworks, and operating expectations for two security disciplines so work is sequenced effectively and aligned to business risk
  • Architect and deploy defensive controls for LLM- and AI-enabled capabilities, including protections around prompt handling, retrieval paths, model-connected integrations, sensitive data exposure, and abusive use patterns
  • Assess software, services, dependencies, infrastructure, and deployment patterns to identify material weaknesses and drive practical corrective actions with engineering partners
  • Raise the resilience of Rightway's AWS footprint across identity boundaries, network segmentation, key management, service configuration, organizational structure, and detective guardrails
  • Expand automation for cloud and platform assurance, including infrastructure policy enforcement, configuration review, deployment gating, and runtime visibility in Terraform and CI/CD workflows
  • Set the approach for risk-based prioritization by combining severity, exploit likelihood, business criticality, and environmental context so the most meaningful issues are addressed first
  • Define durable secure engineering expectations that teams can adopt during design, build, test, and release activities without adding unnecessary friction
  • Work with Product and Engineering leaders to shape secure implementation patterns for new platform capabilities, customer-facing features, and AI-driven functionality before those designs are broadly adopted
  • Run deep technical reviews for major initiatives, including new services, cloud patterns, external integrations, and emerging architectures that introduce novel attack surface
  • Guide authentication, authorization, and trust-boundary decisions for business-critical workflows, including SAML 2.0, OAuth, and OIDC use cases spanning B2B and B2C contexts
  • Unify application and cloud control strategy in areas such as secrets usage, identity design, telemetry, service-to-service trust, and deployment architecture so security decisions remain coherent across the stack
  • Coordinate with Corporate Security where shared capabilities such as logging, alerting, access governance, or incident visibility require common design and operational support
  • Improve the signal quality of detection, validation, and testing approaches so teams can investigate faster and act on higher-confidence findings
  • Evaluate, pilot, and operationalize advanced security capabilities, including AI-enabled techniques that improve engineering review, analysis, and remediation outcomes

Skills

  • 8 to 12 years of experience in security engineering, including substantial hands-on depth across both application or product security and cloud security
  • A track record of leading difficult technical work across multiple security domains and helping other engineers improve through direction, coaching, and example
  • Stay current on emerging AI security guidance, including the OWASP Top 10 for LLM Applications and the OWASP GenAI Security Project, and have applied that knowledge in real system design
  • Strong AWS security expertise across IAM, networking, encryption, secrets protection, logging, and multi-account design, and know how to secure infrastructure-as-code and modern delivery pipelines
  • Operate as a senior technical partner to engineering and infrastructure teams on topics such as identity, service hardening, telemetry, and secure configuration
  • Read and reason about application code and system architecture, and have enough fluency in one or more backend environments such as Ruby, Node.js, or Java to work credibly with developers
  • Communicate clearly with both technical and non-technical stakeholders and can explain tradeoffs, priorities, and risk to senior leadership
  • Experience in regulated environments such as healthcare, finance, or education

Benefits

  • Bonus
  • Equity

Company Overview

  • Rightway is a health technology company that is simplifying the healthcare experience for clients and members. It was founded in 2017, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is http://rightwayhealthcare.com.

Company H1B Sponsorship

  • Rightway has a track record of offering H1B sponsorships, with 2 in 2025, 3 in 2024, 1 in 2022, 2 in 2021. Please note that this does not guarantee sponsorship for this specific role.