Sr. Director of Security Operations & Engineering

What You'll Be Doing

Leadership & Strategy
• Lead and develop teams responsible for cloud security engineering, network and infrastructure security, and security operations
• Define and execute the security engineering roadmap aligned with Arcadia’s mission and regulatory and compliance obligations (e.g., HIPAA, HITRUST, ISO 27001, SOC 2)
• Serve as the senior technical authority for all security controls, tooling, and automation initiatives
• Partner with Engineering, IT, and Compliance leadership to embed secure design principles into products and operations
• Own and evolve Arcadia’s Computer Security Incident Response Team (CSIRT), ensuring readiness, playbook maturity, and coordination across teams
• Represent Security Operations & Engineering in architecture reviews, executive updates, and customer discussions.
Technical Security Ownership
• Design, implement, and maintain security controls across Arcadia’s cloud, infrastructure, and application environments to ensure resilience, scalability, and compliance
• Architect secure AWS multi-account environments using services such as EKS, ECS, Lambda, and VPC, applying Zero Trust principles and automating configuration management with Terraform or CloudFormation
• Manage network and infrastructure security by maintaining segmentation, VPN, firewall, and endpoint protection controls, along with perimeter defenses including WAF, DDoS mitigation, and intrusion detection systems
• Lead the configuration and tuning of detection and response capabilities including SIEM pipelines, threat intelligence integration, and incident response workflows to enable rapid detection, containment, and remediation
• Serve as Arcadia’s Cyber Security Incident Response Team (CSIRT) Manager, directing the technical response to potential security incidents and coordinating cross-functional engagement during critical events
• Implement security-as-code practices that automate control validation, configuration baselines, and remediation using scripting and orchestration tools such as Python, PowerShell, and Bash
• Oversee identity and access management across AWS, Okta/Auth0, and Microsoft 365 environments to enforce least-privilege principles and secure authentication
Compliance & Risk Management
• Translate compliance controls (e.g., SOC 2, ISO 27001, HITRUST) into enforceable technical configurations
• Partner with the Security Assurance team to provide audit evidence and continuous control monitoring
• Partner with the Security Assurance to conduct and oversee technical risk assessments, vulnerability management, and remediation planning
• Ensure technical alignment to healthcare privacy and security requirements (e.g., HIPAA, HITECH)
Innovation & Continuous Improvement
• Evaluate emerging technologies in AI-driven detection, behavioral analytics, and modern DevSecOps tooling
• Benchmark security capabilities against industry best practices and high-performing SaaS peers
• Foster a culture of continuous improvement, collaboration, and technical excellence within Security Engineering and Operations

What You'll Bring

• 10+ years in information security, with at least 5 years in technical leadership roles
• Proven experience designing and operating secure, cloud-based SaaS infrastructure (AWS required; Azure or GCP a plus)
• Cloud security architecture and automation
• Incident detection and response
• Network engineering and security controls
• Vulnerability management and threat modeling
• Hands-on technical expertise with scripting/automation (Python, PowerShell, Bash), infrastructure-as-code (Terraform, CloudFormation), and CI/CD integration
• Strong familiarity with enterprise IT systems (Active Directory, Okta, MDM, SSO)
• Knowledge of regulatory and compliance frameworks including HIPAA, HITRUST, and ISO 27001
• Demonstrated experience leading multidisciplinary technical teams in dynamic environments

Would Love for You to Have

• More than one advanced security certifications such as CISSP, CCSP, GIAC (GCTI, GCIA, GCFA, GCSA), or AWS Security Specialty
• Experience with container security, Kubernetes, and EDR/MDR solutions
• Background in healthcare or other regulated industries
• Prior ownership of 24x7 security operations in a SaaS or cloud-native organization

What You'll Get

• Build and lead a world-class technical security organization in a mission-driven healthcare company
• Work with cutting-edge cloud technologies in a fully remote, collaborative environment
• Competitive compensation, comprehensive benefits, and strong career advancement opportunities
• Chance to be surrounded by a team of extremely talented and dedicated individuals driven to succeed
• Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
• A flexible, remote friendly company with personality and heart
• Employee driven programs and initiatives for personal and professional development