Senior Security Engineer
Medeloop
About Medeloop
Medeloop is creating the future of clinical operations and health research through cutting-edge AI and big data technologies. Our unified platform, spanning AI-powered analytics, study management, and grant automation, streamlines the entire research lifecycle, enabling faster, smarter, and more impactful discoveries across medicine and public health.
Recognized by Politico as the “AI Disrupter-in-Chief” for healthcare and public health, Medeloop is trusted by premier institutions across government, academia, and life sciences. From major healthcare centers to leading life science companies, our partners rely on Medeloop to unlock insights that were previously out of reach.
At the heart of our platform is one of the largest and most diverse health data ecosystems in the industry, with over 100 million patient records that fuel the work of AI “scientists” purpose-built to drive breakthroughs in health equity, drug development, chronic disease, and more. Interested candidates can review a demo of one of our AI scientist research pipelines and read about our mission on our LinkedIn.
We are a fast-growing company backed by world-class investors including General Catalyst, Icon Ventures, Inovia Capital, and Healthier Capital. Our team includes leaders in AI, life sciences, and medical research (such as the former editor-in-chief of JAMA, the team who wrote the most-read scientific publication in medicine for 2023 and public health for 2018, and the creators of BloombergGPT) who bring unmatched expertise and vision to our mission. The company is led by serial entrepreneurs with a proven track record.
We're not just building tools; we're building a better future. By accelerating research timelines and expanding access to insights, Medeloop empowers the next generation of researchers to deliver faster cures and smarter policy and, ultimately, save lives.
Join us as we build the future of science.
As a Senior Security Engineer at Medeloop, you’ll execute our security strategy across cloud infrastructure, application development, and compliance. You’ll be responsible for designing scalable, secure systems while working closely with engineering, product, and compliance teams to uphold the highest standards for data security and privacy, especially in a regulated health-tech environment.
Key Responsibilities:
- Define and lead Medeloop’s security engineering roadmap across infrastructure, applications, and operations.
- Own the implementation and management of secure AWS-based environments (IAM, VPCs, encryption, access policies).
- Lead internal threat modeling, risk assessments, and security reviews across products and systems.
- Develop and maintain infrastructure security controls and automate security testing (e.g., vulnerability scanning, secrets detection, container security).
- Collaborate with DevOps to secure CI/CD pipelines, container environments, and deployment processes.
- Partner with engineering teams to establish secure coding practices and perform code reviews through a security lens.
- Support SOC2, HIPAA, and FedRAMP compliance by helping define and enforce policies, documentation, and incident response plans.
- Evaluate and deploy security tools, services, and vendors to strengthen Medeloop’s security posture.
- Stay current with the latest security threats, technologies, and best practices and apply them proactively.
Who You Are:
- 6+ years of experience in security engineering, with a strong focus on cloud-native environments (AWS preferred).
- Experience implementing and managing security controls in production environments, ideally in health tech or regulated industries.
- Proficiency with AWS security services (e.g., IAM, KMS, GuardDuty, CloudTrail, WAF, Security Hub).
- Experience with IaC security (e.g., CDK, Terraform, CloudFormation) and secure CI/CD practices.
- Strong understanding of network security, encryption, identity & access management, and container security.
- Hands-on experience with vulnerability management, SAST/DAST tools, and incident response.
- Excellent communicator, capable of translating technical risks into a business context.
- Passion for security, privacy, and the mission of improving healthcare through responsible technology.