Staff Security Engineer

About Us: Here at Ambience, we never set out to be just another scribe. We’re building the AI intelligence platform that restores humanity to healthcare and drives meaningful ROI for health systems across the country. Our technology helps providers focus on delivering great care by removing the administrative burden that pulls them away from patients and away from their most impactful work. Ambience delivers real-time coding-aware documentation and clinical workflow support across ambulatory, emergency and inpatient settings at the top health systems in North America. Our teams operate relentlessly with extreme ownership to build the best solutions for our health system partners. We value candor, positivity and deep thought — and we expect a lot from each other because we know the problems we’re solving truly matter. Ambience was ranked #1 for Improving the Clinician Experience in the KLAS Research Emerging Solutions Top 20 Report, recognized by Fast Company as one of the Next Big Things in Tech, named one of the best AI companies in healthcare by Inc., and selected as a LinkedIn Top Startup in 2024 and 2025. We’re backed by Oak HC/FT, Andreessen Horowitz (a16z), OpenAI Startup Fund, and Kleiner Perkins — and we’re just getting started. THE ROLE: Ambience runs real-time clinical workflows inside the most security-sensitive health systems in the country. That means security can’t be bolted on, it has to be engineered into the product. As a Staff Security Engineer, you’ll own the systems that protect our platform at scale: application security, cloud security, detection and response, and the security primitives other teams build on. You’ll design guardrails that make the secure path the default, harden our infrastructure against real threats, and partner with engineering to eliminate entire classes of risk. This is a builder role. You’ll write code, design systems, and lead cross-cutting security initiatives that directly enable enterprise trust and customer expansion. WHAT YOU’LL OWN: Application & Platform Security — Design and implement secure-by-default patterns across our backend and infrastructure. Identify and remediate vulnerabilities in application logic, APIs, and data flows. Cloud & Infrastructure Security — Own security posture across our cloud environment: IAM, network boundaries, secrets management, and secure service-to-service communication. Detection & Incident Response — Build and operate detection pipelines, alerts, and runbooks. Lead investigations, root cause analysis, and systemic fixes — not just one-off patches. Security Tooling & Automation — Extend and integrate security tools through code. Automate controls, evidence collection, and remediation to reduce manual work and scale coverage. Security Architecture & Leadership — Set technical direction for security across teams. Threat model new products, influence designs early, and raise the security bar company-wide. WHO YOU ARE: Experience & Impact: You have 7+ years (Staff) to 12+ years (Principal) of hands-on security engineering experience. You don’t just find bugs; you design systems that prevent entire classes of vulnerabilities. Scalable Scope: - At the Staff level, you have led cross-cutting security initiatives and influenced architecture for major product areas. - At the Principal level, you have a track record of defining company-wide security North Stars, mentoring other senior engineers, and shifting the security culture of an entire organization. Engineering Roots: Strong software engineering fundamentals are a must. You are comfortable reading, writing, and modifying production code in Python, Go, or TypeScript. You view security as an engineering problem, not a compliance checklist. Proven experience in security architecture and systems hardening across applications, infrastructure, and cloud environments Hands-on with vulnerability management and penetration testing: identifying, prioritizing, and driving remediation of real risks Experience selecting and extending modern security tools for detection, incident response, automation, and threat monitoring Strong cloud security background (AWS and/or GCP), including IAM, networking, and secure service design Collaborative and pragmatic: able to partner with engineers, influence designs early, and explain security tradeoffs clearly WHY HERE: At most companies, security is reactive. At Ambience, it’s a product enabler. The systems you build determine whether we can earn — and keep — the trust of the largest health systems in the country. You’ll have real ownership, direct access to leadership, and the chance to shape how security engineering is done at a company where it truly matters. Small team, high trust, and problems that are both technically deep and mission-critical. Pay Transparency We offer a base compensation range of approximately $250,000–$325,000 per year, along with meaningful equi