Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.
Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values.
Role Overview
We are looking for a Principal Security Engineering Manager to own and drive security across applications, cloud infrastructure, and platform operations.
This role requires a hands-on technical leader who can design and implement security controls end-to-end while partnering closely with engineering teams. The ideal candidate brings a strong mix of software engineering, cloud architecture, and security expertise, with the ability to scale security practices in a modern, cloud-native environment.
Key Responsibilities
- Lead the design and implementation of security controls across the full technology stack, including applications, services, and cloud infrastructure.
- Establish and drive secure development practices, integrating security into CI/CD pipelines and developer workflows.
- Own programs for identifying and addressing risks, including:
  - Vulnerability discovery and remediation
  - Application and infrastructure testing
  - Continuous validation of security posture
- Define and implement data protection strategies, including encryption, access controls, and data handling standards.
- Conduct and govern security assessments for both internally developed systems and external vendors/partners.
- Build and enhance identity and access control systems, ensuring least privilege and strong authentication mechanisms.
- Develop and mature logging, monitoring, and detection capabilities to identify and respond to threats effectively.
- Strengthen threat detection and incident response readiness through automation, telemetry, and engineering-driven approaches.
- Design and secure cloud and network architectures, including edge protection, traffic filtering, and service isolation.
- Drive adoption of modern security architectures such as zero trust and defense-in-depth.
- Integrate security into emerging technologies, including AI/ML systems, ensuring protection against data leakage and model abuse.
- Partner with engineering, platform, and product teams to embed security into system design and architecture decisions.
- Lead by example as a hands-on engineer, contributing to design reviews, code, and automation where needed.
- Mentor and guide engineers, raising the overall security and engineering maturity of the organization.
Required Qualifications
- 12–16+ years of experience in security engineering, software engineering, or cloud security.
- Strong background in software development or DevOps, with the ability to build or review code and automation.
- Secure application design and common vulnerabilities
- Cloud platforms (Azure preferred) and distributed systems
- Identity systems and access control models
- Monitoring, detection, and response mechanisms
- Network and edge security principles
- Experience implementing security at scale in cloud-native environments.
- Proven ability to balance strategic thinking with hands-on execution.
- Strong communication skills with the ability to influence engineering and leadership teams.
Preferred Qualifications
- Experience in regulated environments (e.g., healthcare, finance).
- Familiarity with modern AI/ML security considerations.
- Experience with large-scale telemetry and detection systems (e.g., SIEM platforms).
- Knowledge of industry standards and compliance frameworks.
- Relevant certifications (e.g., CISSP, OSCP, cloud security certifications).
What We’re Looking For
- A builder and problem-solver who can operate across multiple layers of the stack.
- Someone who naturally bridges engineering and security rather than treating them separately.
- A leader who can simplify and unify security practices across teams.
- Strong ownership mindset with the ability to drive outcomes in a complex environment.