Lead Security Engineer

About us

Thesis is building the AI-powered care team platform for infinitely scalable clinical capacity. We radically increase access and improve quality of care by combining AI agents with clinical experts to take on high-impact clinical operations and care management activities for healthcare organizations.

We’re based in NYC, are growing rapidly, and are backed by $60 million in funding from Oak HC/FT, CRV, Black Opal Ventures, and experienced C-level healthtech angel investors.

About the role

We are looking for a Security Lead to own Thesis’s security program end-to-end, spanning cloud and infrastructure security, application security, compliance readiness, access management, and incident response. This is a strategic, hands-on role: you’ll partner closely with Engineering, Product, and Operations to embed security into how we design, build, and operate our platform, and you’ll be a client-facing leader who can confidently support security reviews, questionnaires, and audits with healthcare partners.

Responsibilities:

• Own the security roadmap: Define and execute Thesis’s security strategy and priorities as we scale in a highly regulated environment.
• Secure the platform: Architect and implement secure cloud infrastructure (AWS), logging/monitoring, IAM, vulnerability management, and secure SDLC practices.
• Drive compliance readiness: Lead technical execution for SOC 2, HIPAA, and related frameworks, building scalable controls, evidence collection, and audit readiness.
• Run incident response: Own detection/response tooling, runbooks, on-call readiness, and post-incident learning to continuously improve resilience.
• Be cross-functional and client-facing: Build relationships with cross-functional stakeholders and represent Thesis in customer security conversations.

We expect you to have:

• Technical security depth: 6-8+ years of engineering experience, with 2+ years focused on security engineering and shipping security improvements in production.
• Cloud & appsec foundation: Hands-on expertise with AWS security, network security, container/orchestration security, and secure SDLC practices.
• Compliance experience: Familiarity supporting SOC 2, HIPAA, or similar frameworks from a technical security standpoint.
• Automation mindset: Proficiency scripting/automating (Python, Bash, etc.) and comfort embedding security controls into CI/CD.Strong communication & ownership: The ability to influence engineering decisions and communicate clearly with non-technical stakeholders (including customers).
• NYC-based: You are based in New York and excited to be in-office ~3 days per week.

Target compensation for this role is $225-$275k, plus equity and a generous benefits package.

Thesis Care is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.