$180k-$240k
Senior Corporate Security Engineer at Charlie Health
Why Charlie Health?
Millions of people across the country are navigating mental health conditions, substance use disorders, and eating disorders, but too often, they’re met with barriers to care. From limited local options and long wait times to treatment that lacks personalization, behavioral healthcare can leave people feeling unseen and unsupported.
Charlie Health exists to change that. Our mission is to connect the world to life-saving behavioral health treatment. We deliver personalized, virtual care rooted in connection—between clients and clinicians, care teams, loved ones, and the communities that support them. By focusing on people with complex needs, we’re expanding access to meaningful care and driving better outcomes from the comfort of home.
As a rapidly growing organization, we're reaching more communities every day and building a team that’s redefining what behavioral health treatment can look like. If you're ready to use your skills to drive lasting change and help more people access the care they deserve, we’d love to meet you.
About the role
The Senior Corporate Security Engineer role is responsible for designing, building and operating the technical security systems and controls that protect Charlie Health’s corporate environment, workforce systems, endpoints, SaaS platforms, cloud-connected services and internal operations.
This is a senior hands-on security engineering role requiring expertise in enterprise security, identity and access management, endpoint security, SaaS security, data protection, security automation, cloud security and detection engineering. The Corporate Security Engineer will partner closely with IT Engineering, Information Security, Compliance, Engineering and business teams to reduce risk, improve control maturity and support Charlie Health’s continued growth.
Our IT and Information Security organizations treat security as an engineering discipline. We value ownership, measurable outcomes, automation, reliability, secure-by-design implementation and continuous improvement. The Corporate Security Engineer will build scalable security capabilities that protect sensitive company, employee, clinician and patient data while enabling the business to move quickly and safely.
Charlie Health is also building an AI-native operating model. This role will help secure the enterprise use of AI tools, LLM platforms, AI-enabled workflows and emerging AI security products. The ideal candidate is excited to work with tools and platforms such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and other AI security technologies, while helping define practical controls for safe and responsible AI adoption.
Charlie Health operates in a highly regulated healthcare environment. This role will support security controls aligned to HIPAA, SOC 2, NIST, Zero Trust principles and other applicable regulatory and contractual requirements.
This role can either be in-office or remote.
Responsibilities
Security Engineering & Control Design
Design, build and operate technical security controls across Charlie Health’s corporate technology environment
Engineer scalable security solutions for identity, endpoints, SaaS platforms, cloud-connected services, collaboration tools and internal systems
Translate security requirements into reliable technical controls, automations, detections and operational workflows
Partner with IT Engineering to embed secure-by-design practices into enterprise systems, integrations and infrastructure
Establish control patterns that improve security posture, operational efficiency, auditability and resilience
Identity, Access Control & Zero Trust
Design and improve identity and access controls across workforce systems, SaaS applications and privileged access workflows
Implement and mature controls for MFA, conditional access, device trust, role-based access, least privilege, service accounts and lifecycle automation
Partner with IT and business teams to improve joiner, mover, leaver, access review and elevated access processes
Help advance Charlie Health’s Zero Trust strategy through identity-centric control design, continuous verification and measurable trust signals
Endpoint, SaaS & Cloud Security
Engineer and improve security controls across Mac, Windows, mobile and BYOD environments
Partner with endpoint engineering teams to improve secure configuration baselines, MDM policy, EDR coverage, device compliance and vulnerability remediation
Assess and improve the security posture of corporate SaaS platforms, integrations, APIs and service accounts
Configure and operationalize security tooling across platforms such as SentinelOne, Wiz, Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian and related systems
Support cloud security visibility and control implementation across AWS and related services, including use of CloudTrail and other telemetry sources
Detection, Response & Security Operations
Build and improve detections, alerts, dashboards, runbooks and response workflows across corporate security tooling
Partner with Expel MDR and internal teams to improve telemetry quality, alert fidelity, investigation workflows and response outcomes
Support investigation and response for identity, endpoint, SaaS, email, cloud, data exposure and corporate security events
Tune security tools to reduce noise, improve signal quality and increase confidence in control effectiveness
Develop repeatable playbooks and operating procedures that improve incident readiness and operational consistency
AI Security & Secure AI Adoption
Help secure Charlie Health’s use of AI tools, LLM platforms, AI agents and AI-enabled workflows
Evaluate and operationalize controls for AI data protection, prompt-layer security, access governance, logging and usage monitoring
Partner with IT, Security, Compliance and business teams to define practical security patterns for tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar and related platforms
Assess risks related to sensitive data exposure, PHI leakage, model access, third-party integrations and AI-enabled automation
Stay current on emerging AI security risks, controls and products, and translate relevant developments into practical improvements
Data Protection & DLP
Design and operate controls that protect PHI, employee data, clinician data and sensitive company information
Support DLP strategy across SaaS platforms, endpoints, browsers, collaboration tools, email, cloud services and AI systems
Improve visibility into sensitive data movement, sharing patterns and policy violations
Partner with Compliance, Legal, IT and business teams to support data protection requirements and reduce operational risk
Build automations and reporting that improve DLP response, control monitoring and evidence collection
Security Automation & Engineering Practices
Build automations that improve security operations, access management, control monitoring, remediation and audit evidence collection
Use APIs, scripting, webhooks, workflow platforms and infrastructure-as-code practices to reduce manual work and improve control consistency
Develop maintainable security workflows using tools and languages such as Python, Bash, PowerShell, Workato, Terraform, REST APIs and JSON
Apply modern engineering practices including version control, code review, documentation, testing and repeatable deployment patterns
Identify opportunities to simplify security processes while improving reliability and measurable outcomes
Governance, Risk & Compliance Enablement
Implement and maintain controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks
Support audit evidence collection, control testing, remediation planning and continuous control monitoring
Identify security risks, document findings and partner with stakeholders to drive timely remediation
Translate compliance and risk requirements into practical engineering solutions that support business operations
Help define metrics that measure control health, security posture, operational maturity and risk reduction
Required qualifications
5+ years of experience in security engineering, corporate security, infrastructure security, enterprise security, IT security, cloud security or a related technical discipline
Deep hands-on experience designing, building and operating technical security controls in enterprise environments
Experience securing identity, endpoints, SaaS platforms, collaboration tools, cloud-connected services and internal systems
Strong experience with identity and access management concepts, including MFA, conditional access, privileged access, lifecycle automation, service accounts and least privilege
Experience working with security tools such as MDR platforms, EDR, SIEM, cloud security tools, endpoint management tools, vulnerability management tools or DLP systems
Experience with security platforms and telemetry sources such as Expel MDR, SentinelOne, Wiz, CloudTrail, Sumo Logic or similar tools
Experience with endpoint security, MDM, secure configuration management and vulnerability remediation across Mac, Windows or mobile environments
Experience using scripting, APIs or automation tools such as Python, Bash, PowerShell, Workato, Terraform, REST APIs, webhooks or JSON
Familiarity with detection engineering, alert tuning, incident response workflows and security operations processes
Strong understanding of Zero Trust principles, identity-centric security, least privilege, device trust and secure system design
Ability to work cross-functionally with IT, Security, Engineering, Compliance and business stakeholders
Strong documentation, ownership, judgment and ability to operate independently in ambiguous environments
Preferred qualifications
Experience operating at a Staff Engineer or senior technical leadership level
Experience in healthcare, financial services or other regulated environments
Experience supporting HIPAA, SOC 2, NIST, ISO 27001 or similar security and compliance frameworks
Experience securing enterprise AI tools, LLM platforms, AI agents or AI-enabled workflows
Exposure to AI platforms and security tools such as OpenAI, Anthropic, LiteLLM, Prompt Security, Pillar or similar technologies
Experience with DLP, CASB, SSPM, browser security, SaaS posture management or data discovery tools
Experience securing Google Workspace, Okta, Jamf, Microsoft Intune, GitHub, Slack, Atlassian, AWS or similar enterprise platforms
Experience building automations using REST APIs, webhooks, JSON, service accounts and API authentication patterns
Experience partnering with managed security providers, MDR teams, external auditors or compliance teams
Familiarity with AI security risks including sensitive data exposure, prompt injection, model access control, third-party plugin risk and AI system logging
Benefits
Charlie Health is pleased to offer comprehensive benefits to all full-time employees. Read more about our benefits here.
Additional Information
The total target base compensation for this role will be between $180,000 and $240,000 per year at the commencement of employment. Please note, pay will be determined on an individualized basis and will be impacted by location, experience, leveling, expertise, internal pay equity, and other relevant business considerations. Further, cash compensation is only part of the total compensation package, which, depending on the position, may include stock options and other Charlie Health-sponsored benefits.
Our Values
Connection: Care deeply & inspire hope.
Congruence: Stay curious & heed the evidence.
Commitment: Act with urgency & don’t give up.
Please do not call our public clinical admissions line in regard to this or any other job posting.
Please be cautious of potential recruitment fraud. If you are interested in exploring opportunities at Charlie Health, please go directly to our Careers Page: https://www.charliehealth.com/careers/current-openings. Charlie Health will never ask you to pay a fee or download software as part of the interview process with our company. In addition, Charlie Health will not ask for your personal banking information until you have signed an offer of employment and completed onboarding paperwork that is provided by our People Operations team. All communications with Charlie Health Talent and People Operations professionals will only be sent from @charliehealth.com email addresses. Legitimate emails will never originate from gmail.com, yahoo.com, or other commercial email services.
Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.
At Charlie Health, we value being an Equal Opportunity Employer. We strive to cultivate an environment where individuals can be their authentic selves. Being an Equal Opportunity Employer means every member of our team feels as though they are supported and belong. We value diverse perspectives to help us provide essential mental health and substance use disorder treatments to all young people.
Charlie Health applicants are assessed solely on their qualifications for the role, without regard to disability or need for accommodation.
Company website: https://charliehealth.com.
Department: IT.
ATS provider: Greenhouse.
Salary: between $180,000 and $240,000 per year at the commencement of employment.