​This is a full-time, Remote-First role at Bamboo Health, a leader in Real-Time Care Intelligence. This position is a technical “hybrid” role within the Security Operations (SecOps) team, blending application security, cloud defense, and incident response. You will protect a platform that impacts over 1 billion patient encounters annually, requiring a high degree of focus on HIPAA and HITRUST compliance.

• ​Location: Remote-First (US).
• ​Experience Required: Bachelor’s degree or 5+ years of equivalent professional experience.
• ​Core Focus: Web application penetration testing, vulnerability management, and security automation.
• ​On-Call: Participation in the incident response on-call rotation is required.
• ​Compliance Environment: SOC 2, HIPAA, HITRUST, and ISO 27001.

​Key Responsibilities: Proactive Testing and Reactive Response

​The Engineer serves as a technical partner across the software development lifecycle, ensuring that security is “baked in” rather than bolted on.

​Vulnerability Management and Pentesting

​You will manage infrastructure, container, and API vulnerabilities through Dynamic Application Security Testing (DAST) and manual penetration testing. This includes performing root-cause analysis and threat modeling to prioritize remediation efforts.

​Cloud and Kubernetes Security

​The role involves securing applications hosted in automated Kubernetes platforms and cloud environments (AWS, Azure, or GCP). You will be responsible for ensuring that containerized workloads meet strict security standards.

​DFIR and Detection Engineering

​You will support the Digital Forensics and Incident Response (DFIR) process, including monitoring events, containment of threats, and remediation. A major part of the role is developing automation scripts to streamline these operations and improve detection logic.

​Security Advocacy and SDLC

​Partnering with development teams is essential. You will advocate for secure coding practices and ensure that security checkpoints are integrated into the Software Development Lifecycle (SDLC).

​Required Technical Skills

​Bamboo Health is looking for a versatile engineer who can code, test, and respond to threats with equal proficiency.

• ​Security Testing: Practical experience with DAST tools and manual web application penetration testing.
• ​Operating Systems: Intermediate proficiency with Linux, macOS, and Windows.
• ​Cloud Mastery: Foundational knowledge of cloud platforms and experience securing Kubernetes or containerized environments.
• ​Automation: Intermediate understanding of scripting languages like Python, PowerShell, or Bash.
• ​Compliance Knowledge: Familiarity with healthcare-specific frameworks such as HIPAA and HITRUST.
• ​Communication: Ability to articulate technical risk and business rationale to both engineers and stakeholders.

​The First Year: Roadmap to Success

• ​Months 1–3: Mastery of internal tools; supervised vulnerability scanning; integration into the on-call rotation.
• ​Months 4–6: Independent web application penetration testing; management of the automated phishing training program.
• ​Months 7–12: Leading the system-wide vulnerability management program; implementing security automation to replace manual procedures.