Senior Security Engineer – Data Security & Security Reviews

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.    Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our  company values . Role Overview   We are looking for a  Senior Security Engineer  to lead  data security, threat modeling, and security reviews  across our applications and platforms.   This role focuses on  proactively identifying design-level risks , securing sensitive data, and ensuring systems are built with strong security foundations. You will work closely with engineering teams to influence architecture and embed security early in the development lifecycle.     Key Responsibilities   Lead  security design reviews  for new and existing systems, identifying risks and driving secure architecture decisions.    Perform  threat modeling  for services and platforms, translating threats into actionable engineering requirements.    Define and implement  data protection strategies , including:    Data classification and handling standards    Encryption (at rest/in transit)    Key management and secrets handling    Review  application architectures and APIs  for security weaknesses and design flaws.    Conduct  third-party/vendor security assessments , ensuring risks are identified and mitigated.    Partner with engineering teams to  remediate findings  and improve system design.    Establish and evolve  secure design patterns and guidelines  for developers.    Integrate  security into design and development workflows  (shift-left).    Evaluate and secure  AI/ML use cases , including risks such as data leakage and prompt injection.    Contribute to  security standards, policies, and best practices  across the organization.      Required Qualifications   8–12+ years of experience in  security engineering or application security .    Strong expertise in  threat modeling and secure system design .    Deep understanding of:    Application security principles (OWASP Top 10, API security)    Data protection and privacy concepts    Authentication and authorization mechanisms    Experience conducting  architecture and design-level security reviews .    Ability to  read and understand code  across common languages.    Strong communication skills to influence engineering teams.      Preferred Qualifications   Experience in  cloud environments (Azure preferred) .    Familiarity with  secure SDLC practices and DevSecOps tooling .    Experience with  regulated environments  (e.g., healthcare, finance).    Knowledge of  AI/ML security risks .    Relevant certifications (e.g., CISSP, CSSLP).      What We’re Looking For   Strong  analytical thinker  who can identify risks early in design.    Ability to  translate security into practical engineering guidance .    Comfortable working across teams and influencing decisions.