CommunityJobsAdviceEventsReviewsFor EmployersFor ClientsCoach Connect
CommunityJobsAdviceEvents
JOB SEARCH

Sr. Director of Security Operations & Engineering

Arcadia

United States (Remote)

#eaa8378e-ebf1-4fce-b458-e9f7096b7cf8

Position summary

's healthcare data and SaaS platform.

This is a hands-on technical leadership position. The successful candidate will architect, build, and operate modern security systems while leading engineers, analysts, and network specialists. They will define and drive Arcadia's technical security roadmap, manage incident response, and implement resilient, scalable security solutions in a highly regulated healthcare SaaS environment.

What Success Looks Like

In 3 months

  • Complete all mandatory training and onboarding activities

  • Gain a deep understanding of Arcadia's infrastructure, threat landscape, and existing controls

  • Establish clear objectives and technical direction for each pod (e.g., Cloud Security/Security Engineering, Network & Infrastructure Security, and Threat Detection & Response)

  • Lead and participate in active incident response and threat hunting activities

  • Deliver measurable improvements in detection coverage, cloud posture, and automation

  • Implement engineering and process changes that reduce operational burden and MTTR

  • Mentor and grow the team's technical capabilities and leadership maturity

In 6 months

  • Mature Arcadia's Security Operations & Engineering program into a data-driven, automation-enabled function

  • Demonstrate reduced risk exposure and improved audit readiness through measurable KPIs

  • Be recognized across the company as the go-to technical leader for security architecture and response

In 12 months

  • Mature Arcadia's Security Operations & Engineering program into a unified, metrics-driven function with defined KPIs for detection, response, and remediation performance

  • Demonstrate measurable improvement in enterprise and cloud security posture through improved coverage, reduced mean time to detect (MTTD) and mean time to respond (MTTR), and reduced audit findings

  • Establish and maintain automated, auditable evidence collection processes that streamline HITRUST, ISO 27001, and SOC 2 compliance

  • Deliver a robust, continuously tested incident response framework with automated containment capabilities and full integration into corporate and product operations

  • Partner with Product, Infrastructure, and Engineering leadership to embed security design principles and tooling into development lifecycles, driving measurable shifts toward secure-by-default practices

  • Influence company-wide technology and risk strategies by serving as a key advisor to executive leadership on emerging threats, security investments, and architecture decisions

  • Position Arcadia as an industry leader in healthcare security by driving innovation in automation, detection, and resilience while maintaining operational excellence

What You'll Be Doing

Leadership & Strategy

  • Lead and develop teams responsible for cloud security engineering, network and infrastructure security, and security operations
  • Define and execute the security engineering roadmap aligned with Arcadia's mission and regulatory and compliance obligations (e.g., HIPAA, HITRUST, ISO 27001, SOC 2)
  • Serve as the senior technical authority for all security controls, tooling, and automation initiatives
  • Partner with Engineering, IT, and Compliance leadership to embed secure design principles into products and operations
  • Own and evolve Arcadia's Computer Security Incident Response Team (CSIRT), ensuring readiness, playbook maturity, and coordination across teams
  • Represent Security Operations & Engineering in architecture reviews, executive updates, and customer discussions.

Technical Security Ownership

  • Design, implement, and maintain security controls across Arcadia's cloud, infrastructure, and application environments to ensure resilience, scalability, and compliance
  • Architect secure AWS multi-account environments using services such as EKS, ECS, Lambda, and VPC, applying Zero Trust principles and automating configuration management with Terraform or CloudFormation
  • Manage network and infrastructure security by maintaining segmentation, VPN, firewall, and endpoint protection controls, along with perimeter defenses including WAF, DDoS mitigation, and intrusion detection systems
  • Lead the configuration and tuning of detection and response capabilities including SIEM pipelines, threat intelligence integration, and incident response workflows to enable rapid detection, containment, and remediation
  • Serve as Arcadia's Cyber Security Incident Response Team (CSIRT) Manager, directing the technical response to potential security incidents and coordinating cross-functional engagement during critical events
  • Implement security-as-code practices that automate control validation, configuration baselines, and remediation using scripting and orchestration tools such as Python, PowerShell, and Bash
  • Oversee identity and access management across AWS, Okta/Auth0, and Microsoft 365 environments to enforce least-privilege principles and secure authentication

Compliance & Risk Management

  • Translate compliance controls (e.g., SOC 2, ISO 27001, HITRUST) into enforceable technical configurations
  • Partner with the Security Assurance team to provide audit evidence and continuous control monitoring
  • Partner with the Security Assurance to conduct and oversee technical risk assessments, vulnerability management, and remediation planning
  • Ensure technical alignment to healthcare privacy and security requirements (e.g., HIPAA, HITECH)

Innovation & Continuous Improvement

  • Evaluate emerging technologies in AI-driven detection, behavioral analytics, and modern DevSecOps tooling

  • Benchmark security capabilities against industry best practices and high-performing SaaS peers

  • Foster a culture of continuous improvement, collaboration, and technical excellence within Security Engineering and Operations

What You'll Bring

  • 10+ years in information security, with at least 5 years in technical leadership roles

  • Proven experience designing and operating secure, cloud-based SaaS infrastructure (AWS required; Azure or GCP a plus)

  • Cloud security architecture and automation

  • Incident detection and response

  • Network engineering and security controls

  • Vulnerability management and threat modeling

  • Hands-on technical expertise with scripting/automation (Python, PowerShell, Bash), infrastructure-as-code (Terraform, CloudFormation), and CI/CD integration

  • Strong familiarity with enterprise IT systems (Active Directory, Okta, MDM, SSO)

  • Knowledge of regulatory and compliance frameworks including HIPAA, HITRUST, and ISO 27001

  • Demonstrated experience leading multidisciplinary technical teams in dynamic environments

Would Love for You to Have

  • More than one advanced security certifications such as CISSP, CCSP, GIAC (GCTI, GCIA, GCFA, GCSA), or AWS Security Specialty

  • Experience with container security, Kubernetes, and EDR/MDR solutions

  • Background in healthcare or other regulated industries

  • Prior ownership of 24x7 security operations in a SaaS or cloud-native organization

What You'll Get

  • Build and lead a world-class technical security organization in a mission-driven healthcare company

  • Work with cutting-edge cloud technologies in a fully remote, collaborative environment

  • Competitive compensation, comprehensive benefits, and strong career advancement opportunities

  • Chance to be surrounded by a team of extremely talented and dedicated individuals driven to succeed

  • Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care

  • A flexible, remote friendly company with personality and heart

  • Employee driven programs and initiatives for personal and professional development

About Arcadia

Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our website .

Protect Yourself

If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our website .

This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.