Posted 10h ago

Senior Platform & Security Engineer

@ Highlight Health
Philadelphia or United States
$130k/yr · Hybrid · Full Time
Responsibilities: Own infrastructure, Manage pipelines, Operate services
Requirements Summary: 7-10 years in cloud platform engineering, DevOps, or infrastructure security; hands-on Azure across full lifecycle; experience with HIPAA and SOC 2 Type 2; Entra ID and security operations; healthcare/regulatory familiarity.
Technical Tools Mentioned: Azure, Azure DevOps, Azure Container Apps, Azure App Service, Azure Service Bus, Azure Database for PostgreSQL, Azure Blob Storage, Azure Key Vault, Microsoft Entra ID, Microsoft Defender, Application Insights, Log Analytics, Microsoft Sentinel, Microsoft Purview, M365, SharePoint, Teams
Job Description

Overview

Highlight Health is a mission-driven company that protects consumer rights and controls healthcare costs exclusively for self-funded employers and their stop loss carriers. We are a profitable, fast-growing company without private equity investors.

We are currently building a sophisticated, proprietary Claims Intelligence Platform — a system of record handling protected health information (PHI) and generating financial recommendations with real-world legal and economic weight. Security, compliance, and platform reliability are not afterthoughts here; they are first-class engineering concerns.

We are looking for a Senior Platform and Security Engineer to own the Azure infrastructure, IT operations, and technical implementation of security controls that underpin this platform. This is a hands-on individual contributor role with a potential path toward team leadership as the company grows. You will work closely with the engineering team on platform changes and directly with leadership on SOC 2 Type 2 and HIPAA audit preparation.

If you want technical ownership of a platform where the stakes are real and the work is consequential, we would love to hear from you.

Essential Duties and Responsibilities

Azure Platform Ownership

  • Own infrastructure for all Azure resources across development, UAT, and production environments
  • Manage and evolve Azure DevOps pipelines for build, test, and deployment
  • Operate Azure Container Apps, App Service, Service Bus, Azure Database for PostgreSQL Flexible Server, Blob Storage, and supporting services
  • Maintain Azure Key Vault including secrets rotation and enforcement of least-privilege access
  • Configure and tune Application Insights and Log Analytics, including PHI-safe logging pipelines that prevent sensitive data from appearing in telemetry

Security Controls and Compliance

  • Implement and maintain technical controls in support of SOC 2 Type 2 and HIPAA compliance programs
  • Administer Entra ID including conditional access policies, MFA enforcement, group lifecycle management, and identity governance
  • Partner with leadership on audit preparation, evidence collection, and control documentation
  • Contribute to incident response readiness, including tabletop exercises and runbook development
  • Manage logging and alerting functions through Microsoft Purview and Microsoft Sentinel, including alert tuning, analytics rules, and data connector configuration
  • Maintain and improve the organization’s security posture through vulnerability management, access reviews, and security monitoring

IT Operations

  • Own Office 365 administration, SharePoint configuration, and SaaS tool management for the organization
  • Serve as the internal technical authority on endpoint security, device management, and employee access provisioning
  • Evaluate and onboard new tooling as the company scales, with a bias toward security and operational simplicity

The Technical Environment

  • Infrastructure: Azure Container Apps, Azure App Service, Azure Service Bus, Azure Database for PostgreSQL Flexible Server, Azure Blob Storage
  • Security and Identity: Azure Key Vault, Microsoft Entra ID, Microsoft Defender, Azure Policy
  • Observability and Security Operations: Application Insights, Log Analytics Workspaces, Microsoft Sentinel, Microsoft Purview
  • CI/CD: Azure DevOps pipelines
  • Productivity: Microsoft 365, SharePoint, Teams
  • Compliance targets: SOC 2 Type 2, HIPAA

Experience and Qualifications

  • 7–10 years in cloud platform engineering, DevOps, or infrastructure security
  • Hands-on production Azure experience across the full service lifecycle, not just resource provisioning
  • Practical experience implementing technical controls for HIPAA and SOC 2 Type 2
  • Fluent in Entra ID: conditional access, MFA, role assignments, and identity governance
  • Applies appropriate safeguards for protected health information, including PHI-safe logging pipelines, data isolation, and least-privilege access controls
  • Comfortable owning IT operations end-to-end: M365, SaaS administration, and employee access management included
  • Brings a point of view. This role requires someone who assesses the environment, identifies gaps, and recommends a path forward
  • Energized by doing the work. This is a hands-on role with full ownership of the platform and security posture
  • Healthcare or regulated industry background is a genuine advantage
  • Comfortable incorporating AI-assisted tools and workflows into day-to-day work to improve speed and quality