About this role
Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.
Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.
Role Overview
We are looking for a Senior Security Engineer to lead data security, threat modeling, and security reviews across our applications and platforms.
This role focuses on proactively identifying design-level risks, securing sensitive data, and ensuring systems are built with strong security foundations. You will work closely with engineering teams to influence architecture and embed security early in the development lifecycle.
Key Responsibilities
Lead security design reviews for new and existing systems, identifying risks and driving secure architecture decisions.
Perform threat modeling for services and platforms, translating threats into actionable engineering requirements.
Define and implement data protection strategies, including:
Data classification and handling standards
Encryption (at rest/in transit)
Key management and secrets handling
Review application architectures and APIs for security weaknesses and design flaws.
Conduct third-party/vendor security assessments, ensuring risks are identified and mitigated.
Partner with engineering teams to remediate findings and improve system design.
Establish and evolve secure design patterns and guidelines for developers.
Integrate security into design and development workflows (shift-left).
Evaluate and secure AI/ML use cases, including risks such as data leakage and prompt injection.
Contribute to security standards, policies, and best practices across the organization.
Required Qualifications
8–12+ years of experience in security engineering or application security.
Strong expertise in threat modeling and secure system design.
Deep understanding of:
Application security principles (OWASP Top 10, API security)
Data protection and privacy concepts
Authentication and authorization mechanisms
Experience conducting architecture and design-level security reviews.
Ability to read and understand code across common languages.
Strong communication skills to influence engineering teams.
Preferred Qualifications
Experience in cloud environments (Azure preferred).
Familiarity with secure SDLC practices and DevSecOps tooling.
Experience with regulated environments (e.g., healthcare, finance).
Knowledge of AI/ML security risks.
Relevant certifications (e.g., CISSP, CSSLP).
What We’re Looking For
Strong analytical thinker who can identify risks early in design.
Ability to translate security into practical engineering guidance.
Comfortable working across teams and influencing decisions.