Member of Technical Staff, Security
About Mandolin
Mandolin is building the clinical and financial infrastructure to bring groundbreaking treatments to patients faster through AI agents. We partner with major healthcare institutions across the US, managing over $10B in drug spend annually. Backed by leading investors and founded by tech pioneers, Mandolin is dedicated to transforming healthcare.
The Role
Mandolin seeks a Security Engineer to integrate security into SDLC, conduct app security reviews, and support compliance initiatives. This role requires hands-on experience in Application Security, Platform/Cloud Security, and GRC, partnering with Engineering, DevOps, IT, and Compliance teams.
What You’ll Do
- Integrate security into SDLC and CI/CD pipelines
- Conduct app security reviews, threat modeling, vulnerability assessments, and secure code review practices
- Identify and remediate OWASP Top 10, API, auth/authorization, secrets management, and dependency vulnerabilities
- Design and implement security controls across cloud and infrastructure environments (AWS, Azure, GCP)
- Secure cloud-native platforms, containers, Kubernetes, CI/CD systems, and IaC deployments
- Monitor and improve logging, alerting, vulnerability management, endpoint protection, and incident response capabilities
- Collaborate with Platform Engineering and DevOps teams for infrastructure hardening and operational security
- Support security compliance initiatives like SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, and NIST
- Assist with risk assessments, audit readiness, policy development, vendor security reviews, and remediation tracking
- Research emerging threats, vulnerabilities, and security technologies to enhance organizational security
Must-Have Experience
- 4+ years of Security Engineering, App Sec, Cloud Sec, DevSecOps, or related cybersecurity roles
- Strong understanding of App Sec, Infra/Cloud Sec, and security compliance concepts
- Experience securing modern web apps, APIs, cloud environments, and distributed systems
- Hands-on cloud platform experience (AWS, Azure, GCP)
- Familiarity with CI/CD pipelines, container security, Kubernetes, and IaC security practices
- Experience with security tools (SAST, DAST, SIEM, vulnerability scanners, CSPM, EDR/XDR, IAM)
- Scripting or automation experience (Python, Bash, PowerShell)
- Strong communication skills for collaborating across tech and non-tech teams
Nice-to-Haves
- Experience in SaaS, fintech, healthcare, or other regulated environments
- Familiarity with Zero Trust architectures and modern identity/security frameworks
- Experience supporting compliance audits and governance initiatives
- Relevant certifications (CISSP, Security+, AWS Security Specialty, etc.)
Compensation Philosophy
The U.S. base salary range for this role is $160,000 - $270,000. Actual base salaries are determined by candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable.
Benefits & Perks
- Free lunch in the office daily & dinner after 7PM
- Comprehensive health, dental, & vision insurance
- Life insurance
- 10 company holidays
- Take what you need PTO
- 4% 401k matching
- $300/month company-sponsored commuter benefits
- State-of-the-art gym in the office
- And more!