Metriport (YC S22) is hiring a security engineer to harden healthcare infra
Source: Hacker News
Metriport is an open‑source data‑intelligence platform that helps healthcare organizations access and exchange patient data in real‑time. We integrate with all major US healthcare IT systems and tap into comprehensive medical data for 300+ million individuals.
We’ve found product‑market fit with multi‑million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, a massive recent infusion of capital, and years of runway. We’re ready to scale.
We’re a tight‑knit, high‑performing team of mostly former founders (including two YC alumni). We’re engineering‑heavy, operate with minimal bureaucracy and high autonomy, and hire based on competence—not prestige. We push hard—founders work six days a week from our SF office—but give everyone freedom to craft their schedule. We measure output and are committed to sustainable intensity.
About us
The following points give you the gist of where we’re at, why we’ll win, and our company culture:
- Tight‑knit, high‑performing, passionate team – we work with consistent intensity and have become a leader in our industry with a fraction of the resources of our competitors.
- Consistency means we push as hard as humanly possible while keeping our health and personal lives in check.
- Meaningful work gets us out of bed; we wouldn’t be satisfied building yet another CRM.
- Underdog pedigree – we don’t hire based on prestige, but on demonstrated competence and potential.
- Engineering‑heavy – most engineers are former founders (including two ex‑YC founders).
- Flat structure with little red tape or bureaucracy; we get stuff done and foster a collaborative environment with high autonomy. Our GitHub commit history and product velocity testify to this.
- Founders set the pace by working six days a week in our SF office, but everyone has full freedom to craft a schedule that works for the team and themselves – output is measured.
About you
In a nutshell, we’re looking for a security engineer with the following qualities:
- Entrepreneurial‑minded with an Olympian‑level work ethic (nearly our entire engineering team consists of former founders).
- Passionate about security and excited to own security‑related projects end‑to‑end.
- Confident building scalable full‑stack systems; people often turn to you for technical guidance.
- Able to solve any problem that comes your way and willing to dive deep into unfamiliar domains.
- Strong sense of ownership and demonstrated ability to lead others.
- Moves fast while maintaining a strong security posture.
- Focused on delivering value rather than chasing the newest, flashiest tech.
- When a project is scoped for three weeks, you ask, “Why can’t it be done in three days?”
- A hacker at heart with a good sense of which rules should (or shouldn’t) be broken.
What you’ll be doing
After quickly ramping up with our comprehensive onboarding materials, you’ll start shipping product directly to customers. Day‑to‑day responsibilities include:
- Evangelizing security across Metriport’s growing team – providing guidance and training.
- Driving full‑stack security projects (big and small) from ideation to production rollout, such as:
  - Implementing an enterprise‑grade audit‑logging solution for a new national healthcare network infrastructure stack.
  - Implementing fine‑grained RBAC on the API‑key access layer and more robust roles on our UIs.
  - Revamping internal security policies and deploying tools that keep the platform and employees secure while preserving efficiency.
- Assisting the engineering team with PR reviews from a security‑focused lens.
- Working with the Go‑to‑Market team to complete customer security assessments and questionnaires.
- Hardening security across the development lifecycle (secret management, access controls, vulnerability scanning, etc.).
- Managing your own work in Linear.
- Participating in bi‑weekly sprint planning/retro sessions and quarterly planning sessions.
- Attending a daily 30‑minute remote stand‑up at 7:30 am PST, Mon‑Fri (our only regular mandatory meeting).
Requirements
- 6+ years of experience in security engineering and information security.
- Located in San Francisco or the Bay Area (or willing to relocate).
- Familiarity with HIPAA‑compliant environments.
- Experience rolling out and maintaining security frameworks such as SOC 2, NIST, HITRUST, FedRAMP, etc.
- Experience deploying data‑protection technologies (SSO, MFA, VPN, FIPS, etc.).
- Experience with organizational secret management.
- Experience implementing SCA, SAST, DAST in CI/CD workflows.
- Experience with Mobile Device Management (MDM).
- Proficiency in cloud security & networking on AWS (IAM, WAF, KMS, etc.).
- Proficiency in authentication, cryptography, encryption, and security protocols (mTLS, RSA, SSL, HMAC, RBAC, etc.).
- Bonus: Experience with IHE profiles (ATNA, CT, XUA).
Benefits
- Competitive equity + compensation package 🚀
- Salary range: $160,000 – $220,000
- Full‑family Platinum health insurance, dental, and vision coverage 🦷
- 401(k) retirement plan with matching 💰
- Flexible work‑from‑home or in‑office arrangement 🏢
- Healthy lunch stipend and other wellness perks
- In‑office perks – complimentary meals (breakfast & dinner as needed) 🍏
- Quarterly company off‑sites with the team ⛷️
- MacBook provided by us 💻
- Unlimited PTO – we work hard, but trust you to take the time you need to be at your best 🧘‍♂️
Our Tech
- Frontend: React
- Backend: Node.js & TypeScript for core business logic
- Cloud: Wide range of AWS services (ECS, Fargate, Lambda, etc.)
- Infrastructure as Code: AWS CDK
- Data stores: PostgreSQL, DynamoDB, S3, Snowflake, FHIR servers, and more
- Security & compliance: Oneleet
Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities.