Opala

Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we're seeking an experienced Senior Platform Security Engineer to join our team. Here, you will play a critical role in securing our cloud infrastructure and embedding strong security practices across our engineering squads. You’ll bridge platform engineering and security, building paved-road guardrails that make it easy for developers to ship securely in a healthcare data environment. You'll also both "lead by doing" (designing and implementing IaC guardrails, CI/CD security checks, and software supply chain protections) AND "lead by influence" (mentoring engineers and partnering with our Security and Compliance team). Responsibilities: - Monitor and secure our Azure + AWS environments, responding to incidents and remediating vulnerabilities. - Design and implement Infrastructure as Code guardrails (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit). - Embed security checks into CI/CD pipelines (GitHub Actions). - Build and manage secrets management, identity solutions, and key rotation. - Partner with squads to ensure product features are secure and compliant by design. - Investigate security breaches and document root cause and remediation steps. - Integrate logging/monitoring with SOC/MDR vendor to ensure strong detection and response. - Perform SAST/DAST testing and strengthen software supply chain security. - Develop and implement an immutable infrastructure strategy. - Build and execute a red team and blue team strategy to continually test defenses. - Research security enhancements and make recommendations to leadership. - Stay current on IT and security standards, advising the company on emerging risks. Minimum Qualifications: - Bachelor’s degree in computer science or related field (or equivalent experience). - 6+ years in platform engineering, DevSecOps, or cloud security roles, with at least 4 in a senior capacity. - 2+ years mentoring and developing junior team members. - Experience with security in both AWS and Azure. - Experience with IaC tools and automation (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit). - Experience with SAST/DAST and securing the software supply chain. - Experience with OpenAPI/Swagger JSON specifications and API security. - Familiarity with SOC 2 controls and know how to enforce them in cloud systems. - Familiarity with HIPAA controls and know how to enforce them in cloud systems. - Strong Bash scripting skills for automation. - Ability to collaborate closely with developers and product squads while setting security best practices. Preferred Qualifications: - 2+ years of vendor management experience.Security certifications (AWS Security Specialty, AZ500, CISSP, etc.). - Experience using or administering compliance automation tools (Drata or similar GRC platforms). - Experience with HITRUST controls and how to enforce them in cloud systems. - Exposure to enterprise architecture frameworks such as TOGAF. - Experience in regulated industries (healthcare, fintech, etc.). - Experience leading or coordinating red/blue team exercises. - Experience with other scripting languages: PowerShell, python Benefits: - The Seattle base salary range for this full-time position is $163k-$192k. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. - Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit. Diversity and Inclusivity Statement: - At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base.  Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.

Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we are seeking a Security & Compliance Manager to lead Opala’s compliance and risk management program in a fast-moving healthcare data startup environment. This role owns our audit roadmap (SOC 2, HIPAA, HITRUST), ensures compliance with regulatory frameworks, and drives customer trust by managing security reviews, vendor assessments, and evidence collection. This role is two-fold. As a strategic leader, you will be guiding our compliance roadmap, managing our MSP (IT + SOC/MDR), and interfacing with auditors. As a hands-on contributor, you will be partnering with engineering squads and our Security & Compliance Team to operationalize evidence gathering and process maturity. Responsibilities: - Own and maintain the company’s Information Security Management System (ISMS). - Lead annual and recurring compliance certifications (SOC 2, HIPAA, HITRUST). - Respond to customer security questionnaires and due diligence requests. - Oversee vendor risk management, including contracts, reviews, and security posture assessments. - Manage MSP performance (IT and SOC/MDR) and ensure evidence feeds align with audit requirements. - Mentor and guide other Engineers and Stakeholders in evidence collection, reporting, and process maturity. - Define, implement, and maintain security policies, standards, and procedures. - Serve as the main point of contact for auditors, regulators, and external security partners. - Report compliance and risk posture to leadership and the board. Minimum Qualifications: - Bachelor’s degree in information security, risk management, or related field (or equivalent experience). - 6+ years of experience in security, compliance, or risk management roles, with 3+ years in a leadership capacity. - 3+ years of vendor management experience. - Experience working with SOC 2, HIPAA, and HITRUST frameworks. - Experience working in a Cloud-based SaaS Platform - Familiarity with healthcare data security and PHI handling. - Experience with Drata's GRC and compliance automation platform - Strong organizational skills and ability to manage multiple audit and certification workstreams. - Excellent written and verbal communication skills, with the ability to translate compliance requirements into clear actions for engineering and business teams. - Hands-on experience modernizing segregation of duties in a highly regulated environment - Hands-on experience integrating Drata with external services: Entra ID, Azure, AWS, etc. - Experience working in sprint-based Agile Development Methodology Preferred Qualifications: - Security certifications such as CISA, CISM, or CISSP. - Experience with NIST 800-53, Cloud Security Alliance (CSA), and Center for Internet Security (CIS) - Experience working in healthcare or other regulated industries. - Exposure to enterprise architecture frameworks such as TOGAF. - Experience building compliance roadmaps in early-stage startups - Exposure to Containerization platforms like Docker, Kubernetes, or VMware Tanzu - Exposure to Serverless platforms like Azure Functions, AWS Lambda - Exposure to Big Data platforms like Hadoop, Databricks, Snowflake, Kafka, Cloudera - Exposure to DevSecOps - Exposure to DevOps Squad Organization Model Benefits: - The Seattle base salary range for this full-time position is $163k-$192k. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. - Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit. Diversity and Inclusivity Statement: - At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base.  Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.

Opala delivers robust, secure solutions to tackle the most complex data challenges faced by healthcare’s payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we are seeking a Senior Data Engineer with a strong background in various databases, processes, and tools to join our team. In this role, you will design, develop, deploy, and maintain our data-hub and associated integrations. Key Responsibilities: - Build and optimize scalable end-to-end data pipelines for ingestion, transformation, and delivery. - Design and develop data models and warehouse structures to support analytics and reporting. - Operationalize data-driven solutions, including advanced analytics and predictive models. - Create high-quality datasets for business intelligence, machine learning, and experimentation. - Implement data quality, lineage, and observability best practices across data workflows. - Maintain and improve internal tools and automation frameworks for data operations. - Integrate new data sources, including clinical systems, healthcare standards, vendor feeds, and real-time streams. - Contribute to CI/CD workflows, infrastructure automation, and cloud-based data architecture. - Support all software development lifecycle activities following industry best practices. - Research and integrate design strategies, specifications, and user requirements into data solutions. - Conduct complex investigations and testing for data systems and workflows. - Participate in special projects as needed. - Provide technical guidance to the data engineering team through reviews and infrastructure support. - Troubleshoot complex data and application issues, ensuring reliability and performance. Minimum Qualifications: - Bachelor’s degree in Computer Science, Data Science, Engineering, or related technical discipline (or equivalent experience). - 7+ years overall experience in data engineering or related fields. - 5+ years building and managing data pipelines and workflows. - 5+ years designing and managing relational and non-relational data systems. - Experience with cloud platforms and distributed data environments. - Strong understanding of data modeling, performance optimization, and reliability. - Experience supporting advanced analytics or machine learning workflows. - Familiarity with data integration from diverse sources, including healthcare systems and standards for data representation and communication. Preferred Qualifications: - Experience building data flow processes in large-scale or cloud-based environments. - Knowledge of healthcare-specific standards for data representation and interoperability (e.g., widely adopted frameworks for clinical data exchange). - Exposure to data governance, compliance, and security in healthcare contexts. Benefits: - The Seattle base salary range for this full-time position is $163k-$192k. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. - Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit. Diversity and Inclusivity Statement: - At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base.  Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.