About the Role We’re looking for an AI Security Architect to define and own the security architecture for a modern platform that combines cloud infrastructure, large language models, and autonomous agents. In this role, you will establish secure-by-design patterns across Azure, AI/LLM systems, and regulated data environments, helping the company scale securely as products and capabilities evolve. This role is ideal for someone who can think across systems, set architectural direction, and partner with engineering and leadership to translate emerging risks into practical, scalable controls. What You’ll Do - Define end-to-end security architecture for cloud infrastructure, AI/LLM systems, APIs, and internal platforms - Establish security standards, reference architectures, and design patterns for engineering teams - Lead architecture reviews for new products, services, and major platform changes - Own threat modeling frameworks and guide teams in identifying and mitigating design-level risks - Design secure AI/LLM usage patterns, including model access controls, prompt handling, tool-use restrictions, agent isolation, and memory boundaries - Define zero trust architectures across identity, network, service-to-service communication, and privileged access - Architect data protection strategies including classification, encryption, tokenization, retention, and isolation - Partner with engineering leadership to embed security architecture into SDLC, CI/CD, and platform design decisions - Guide compliance architecture for regulated environments, including HIPAA, SOC 2, and related frameworks - Evaluate and recommend security platforms and controls across cloud, endpoint, identity, application, and AI layers - Drive secure multi-tenant and environment isolation strategies where applicable - Support leadership on risk strategy, prioritization, and tradeoff decisions across security and product velocity Required Expertise - 6+ years of experience in security, cloud security, platform security, or related roles, including significant architecture experience - Proven experience designing and reviewing cloud-native security architectures in Microsoft Azure - Deep understanding of identity-first security, zero trust principles, and secure distributed systems design - Experience designing security controls for AI/ML or LLM-based systems, or equivalent experience securing emerging technologies at scale - Strong expertise in threat modeling, security design reviews, and architecture governance - Experience defining security standards and scalable patterns across engineering organizations - Strong understanding of networking, IAM, encryption, secrets management, and secure application architecture - Ability to communicate risk, tradeoffs, and design decisions clearly to both technical and non-technical stakeholders Preferred Qualifications - Experience working in HIPAA-regulated environments - Experience with infrastructure as code (Terraform, ARM, or similar) - Experience securing LLM-based products, agent frameworks, or autonomous systems - Familiarity with red teaming AI systems, adversarial testing, or AI abuse scenarios - Knowledge of data security practices such as DLP, tokenization, and data governance - Experience with container, Kubernetes, and platform security - Experience with security architecture reviews at scale in high-growth or enterprise environments - Certifications such as CISSP, CCSP, Azure Security Engineer Associate, Azure Solutions Architect Expert, or similar What We’re Looking For - A systems thinker who can see across the full platform and design durable security patterns - Someone who can make high-impact design decisions under ambiguity - Strong influence and collaboration skills across engineering, product, and leadership - The ability to balance security rigor with business velocity at a strategic level - Curiosity about emerging AI threats and a practical mindset for turning risk into architecture Why Join Us - Shape the security architecture of cutting-edge AI systems and agent platforms - Drive foundational security decisions with high visibility and ownership - Work closely with engineering and leadership on meaningful platform and product challenges - Help define how secure AI systems are built in a fast-moving environment We Offer - Paid vacation, sick time, and personal days - 11 company paid holidays - Quarterly UberEats voucher - Monthly Fringe benefits - Flexible work schedules  - Education and professional development stipend - Health, dental, and vision benefits, with employer HSA contribution - Long-term, short-term, and life insurances - 401(k) with company match & profit sharing The typical base salary range for this position is $150,000 - $185,000. CIVIE provides equal employment opportunity for all applicants and employees. All qualified applicants will be considered regardless of an individual’s race, color, sex, gender identity or expression, religion, age, national origin, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, military or veteran status, or any other basis protected by federal, state or local laws. If you cannot submit your application due to a disability, please email hr@civie.com; we will reasonably accommodate individuals with disabilities to the extent required by applicable law.

Position Summary: The Senior Identity and Access Management (IAM) Analyst is responsible for advanced operational support, analysis, and continuous improvement of identity and access controls within the Cybersecurity IAM team. This role serves as a senior individual contributor, providing subject matter expertise across IAM processes and tooling while supporting secure, compliant, and efficient access to Guthrie systems and information. The Senior IAM Analyst performs complex access analysis, troubleshooting, and workflow optimization; leads IAM operational initiatives; supports audits and compliance efforts; and partners with IT, clinical, and business stakeholders to ensure least‑privilege access aligned with healthcare workflows. Core responsibilities include Identity Governance and Administration (IGA), Privileged Access Management (PAM), Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), federation, and access lifecycle management across Azure AD, Active Directory, LDAP, and Epic EMR. This role operates with a high degree of autonomy and may mentor junior analysts and support engineers. Required Education and Experience: - High school diploma required; - 5+ years of experience in Identity and Access Management, information security, or related IT roles - 3+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes - Experience supporting IAM in a regulated environment - Obtain one relevant professional security certification within 6 months of hire/in role - Obtain the Epic security certification within 6 months of hire/in role Preferred Qualifications - Bachelor’s degree in a relevant field preferred - Experience supporting Epic EMR security and clinical access workflows - 7+ years of experience in Identity and Access Management, information security, or related IT roles - 5+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes - Healthcare experience strongly preferred - Familiarity with healthcare regulations and security frameworks (HIPAA, NYSDOH, HITRUST CSF, NIST CSF) - Experience with scripting or automation (PowerShell or similar) to improve IAM workflows - Relevant Professional certification such as CompTIA Security+, ISC2 SSCP, or equivalent - Epic Security certification Core Competencies & Skills - Advanced understanding of IAM operational processes and controls - Strong analytical and troubleshooting skills for complex identity‑based access issues - Ability to independently manage workload and prioritize competing requests - Strong written and verbal communication skills for documentation, training, and stakeholder engagement - Experience documenting standards, procedures, and control evidence - Ability to translate business and clinical requirements into effective access controls - Familiarity with emerging technology such as AI to support improvements to IAM services Essential Functions: Identity & Access Management Operations - Perform advanced provisioning and deprovisioning of regular, privileged, and Epic EMR user access - Administer and support IAM platforms including Azure AD, Active Directory, PAM, MFA, SSO, and federation - Identify, analyze, and resolve complex IAM and access workflow issues; recommend process improvements - Support and execute account lifecycle management processes to ensure appropriate access is granted and removed - Participate in IAM tool integrations, upgrades, testing, and operational enhancements - Adoption and utilization of AI to increase operational efficiencies Governance, Risk, and Compliance - Participate in periodic user access reviews and entitlement certifications across the organization - Support audits, regulatory reviews, and risk assessments by gathering and validating IAM control evidence - Ensure IAM controls operate effectively to support HIPAA Security and Privacy Rule compliance - Assist with documenting IAM control gaps, risks, and remediation recommendations - Support efforts to acquire and sustain HITRUST CSF certification Process Improvement & Collaboration - Develop and maintain IAM playbooks, procedures, and standards documentation - Establish and track operational IAM metrics and reporting for management - Partner with IT, clinical, and business stakeholders to align access controls with workflows - Provide guidance and informal mentoring to IAM Analysts and junior team members - Participate in project work to ensure IAM requirements are addressed in system designs and operating procedures Working Conditions & Expectations - Full Remote with monthly on‑call - Requires attention to detail, independent judgment, and ability to manage multiple priorities - Frequent interaction with IT, clinical staff, vendors, and auditors - No direct people management responsibility Joining the Guthrie team allows you to become a part of a tradition of excellence in health care. In all areas and at all levels of Guthrie, you’ll find staff members who have committed themselves to serving the community. The Guthrie Clinic is an Equal Opportunity Employer. The Guthrie Clinic is a non-profit, integrated, practicing physician-led organization in the Twin Tiers of New York and Pennsylvania. Our multi-specialty group practice of more than 500 physicians and 302 advanced practice providers offers 47 specialties through a regional office network providing primary and specialty care in 22 communities. Guthrie Medical Education Programs include General Surgery, Internal Medicine, Emergency Medicine, Family Medicine, Anesthesiology and Orthopedic Surgery Residency, as well as Cardiovascular, Gastroenterology and Pulmonary Critical Care Fellowship programs. Guthrie is also a clinical campus for the Geisinger Commonwealth School of Medicine.

• Lead, develop, and mentor a team of Application Security Engineers focused on clearing roadblocks, career growth and development, coaching and mentoring. • Own the team’s operational cadence end to end: triage rotations, Application Security review queues, milestone planning. • Drive tactical execution of the Application Security program: scaling the team for non linear security gains, security reviews enhancements and secure design consultations for high-risk changes. • Lead AI adoption within the Application Security team: leverage AI-assisted/automated workflows for review triage, threat model generation, code analysis, and operational toil reduction. Champion practical AI use without losing critical thinking rigor. • Recommend and drive security-related technical and process improvements. • Author and execute project plans for security initiatives. Set schedules and assignments, anticipate roadblocks, and measure performance against goals. • Provide input on security architecture, features, and issues. Serve as a partner and enabler to Product and Engineering teams on application security decisions. • Partner with Security Architecture, Infrastructure Security, Security Research, and Security Operations on end-to-end risk reduction, aligning Application Security work with broader Product Security objectives. • Prepare and deliver meaningful, actionable metrics to Product Security leadership. • Hire and build a world-class team. Train team members to screen candidates and conduct structured interviews. Build the team’s ability to grow itself.

Security Engineer (Hybrid/Remote) at HotDoc Online Pty Ltd Privacy and Security • Melbourne, Victoria 3000, Australia • Full-time Role Type Permanent • Full-time • Mid Level Pay Rate 120000 AUD – 150000 AUD (Annum) Description Welcome to HotDoc! 👋 Founded in Melbourne in 2012, HotDoc is Australia’s largest patient engagement platform — with over 8 million app downloads and partnerships with more than 21,000 practitioners across General Practice, Allied Health, Dental, Specialist, and Optometry. We handle sensitive health (PHI) and personal (PII) data and operate in a highly regulated environment. That means security isn’t an afterthought here — it’s foundational to everything we build. This role sits at the heart of that. We have ambitious goals to improve the healthcare experience for everyone in Australia, and we’re looking for exceptional people to help us get there. Role Purpose & Context This is a hands-on, execution-focused security engineering role. You’ll work closely with Engineering, Infrastructure, Product, and Leadership to reduce risk, uplift compliance maturity, and embed security best practices across a growing SaaS platform at a pivotal stage of growth. You’ll report directly to the Principal Security Engineer and work within a collaborative team that values pragmatism, clarity, and psychological safety. This is not a purely advisory or GRC role. You’ll be doing real engineering work — building tooling, triaging vulnerabilities, supporting incidents, and helping engineering teams ship securely. You’ll earn trust by being useful, specific, and enabling — not by being a gatekeeper. Why Join HotDoc? Join a purpose-driven team where your work directly protects the patients and practitioners who depend on our platform every day. Here’s what you can look forward to: - Impactful, meaningful work — Security at HotDoc protects real health data for millions of Australians. You’ll see how your work connects to outcomes that matter. - A team that values how you work, not just what you deliver — Our culture is built on empathy, curiosity, and psychological safety. We challenge with care, not with hierarchy. - Genuine autonomy with real support — Own your domains and drive your own work, with your leader and team always there to back you up. - A structured monthly milestone plan — We don’t just hire people and hope for the best. You’ll have a clear 6–24 month development roadmap, regular 1:1s, and genuine investment in your career progression. What Will You Be Doing? Operational Security & Risk Management - Own vulnerability identification, prioritisation, and remediation workflows across infrastructure and application layers — using tools, not just spreadsheets - Partner hands-on with engineering squads to review, triage, and remediate security risks within normal sprint cycles - Participate in incident response and contribute to post-incident improvements that actually get implemented - Improve alert quality and reduce noise in security monitoring, so the team responds to what matters Compliance & Audit Readiness - Support SOC 2 and PCI DSS control implementation — evidence collection, control mapping, and gap remediation - Assist with audit preparation cycles and maintain an accurate, up-to-date view of our control posture - Contribute to vendor and third-party risk assessments with practical, proportionate judgement - Maintain security documentation, policies, and control mappings so they reflect reality, not aspiration Secure Development & AI Enablement - Embed security into engineering workflows — threat modelling, code review support, secure defaults in CI/CD pipelines - Work with product and engineering teams to ensure AI-generated and AI-assisted code follows security best practices - Help define guardrails for AI-enabled product features as our AI footprint grows - Provide clear, actionable security guidance during design and architecture discussions Security Architecture Support - Assist in strengthening encryption, identity, access management, and key management practices - Support our MFA rollout and authentication improvement programme - Contribute to health data architecture uplift initiatives that protect patient data at scale Security Engineering & Tooling - Design, build, and maintain internal security tooling, iterating based on feedback and emerging threat patterns - Leverage AI tools to improve the efficiency and effectiveness of security operations What You Must Have to Apply - 3+ years of hands-on experience in application security, infrastructure security, or cloud security — not purely advisory or GRC roles - Demonstrated experience supporting compliance initiatives such as SOC 2, PCI DSS, ISO 27001 or similar — you’ve done the work, not just observed it - Strong, practical AWS security knowledge (or equivalent public cloud) - Experience with vulnerability management tools and remediation workflows — you can triage, prioritise, and communicate risk clearly - Familiarity with Secure SDLC practices and how to work with developers without slowing teams down - Strong written and verbal communication — you can translate security risk into language that resonates with engineers, product managers, and executives alike You’re Just the Person We’re Looking For If You Can Demonstrate - A pragmatic, enabling mindset — you see your job as helping engineers ship securely, not saying no - Genuine curiosity and a growth mindset — you ask “why?” often and are open to new tools and approaches - Ownership and follow-through — you drive work to completion without needing to be chased - The confidence to speak up — you surface risks and concerns proactively, even when it’s not the easy option - A socially conscious outlook — you understand that security failures here have real consequences for patients and clinicians - Comfort with ambiguity and a “progress beats perfection” approach to getting things done What Do Our Employees Love About Working for HotDoc? Our people are at the heart of HotDoc. We are an employee-first company and recognise that we can’t deliver a great patient experience without looking after the people who build it. - Flexibility to work from home and our Melbourne HQ - Access to our comprehensive Health & Wellbeing Program - A generous Learning & Development Budget - Parental leave benefits including paid baby sleep school, first aid courses, and EAP for primary and secondary caregivers - Company-wide events and activities at our Melbourne HQ, open to all remote and hybrid staff several times a year - In-office collaboration days with workshops and team planning sessions - Private and confidential EAP from Day 1 - In-house Career and Strengths Coaching tailored to every employee Please note: we ask that local team members make an effort to attend our Melbourne HQ regularly to build relationships and collaborate in person. If you have flexible working requirements, please raise this with the Hiring Manager during the recruitment process so we can explore what’s possible. HotDoc Is a Place Where You Can Be You. HotDoc prides itself on being an inclusive and diverse workplace — in fact, we celebrate it. If there are any alternative considerations you might require to perform this role, or anything we can do to support you through the application process, please let us know. We’ll do our best to make this a great experience. Company Overview Our mission; To enable the best healthcare experience for everyone in Australia