Company Detail

HLH Holdings LLC dba Highlight Health

About Company

Job Openings

  • Senior Platform & Security Engineer  

    - Philadelphia
    Job Description

    Overview

    Highlight Health is a mission-driven company that protects consumer rights and controls healthcare costs exclusively for self-funded employers and their stop loss carriers. We are a profitable, fast-growing company without private equity investors.

    We are currently building a sophisticated, proprietary Claims Intelligence Platform — a system of record handling protected health information (PHI) and generating financial recommendations with real-world legal and economic weight. Security, compliance, and platform reliability are not afterthoughts here; they are first-class engineering concerns.

    We are looking for a Senior Platform and Security Engineer to own the Azure infrastructure, IT operations, and technical implementation of security controls that underpin this platform. This is a hands-on individual contributor role with a potential path toward team leadership as the company grows. You will work closely with the engineering team on platform changes and directly with leadership on SOC 2 Type 2 and HIPAA audit preparation.

    If you want technical ownership of a platform where the stakes are real and the work is consequential, we would love to hear from you.

    Essential Duties and Responsibilities

    Azure Platform Ownership

    - Own infrastructure for all Azure resources across development, UAT, and production environments
    - Manage and evolve Azure DevOps pipelines for build, test, and deployment
    - Operate Azure Container Apps, App Service, Service Bus, Azure Database for PostgreSQL Flexible Server, Blob Storage, and supporting services
    - Maintain Azure Key Vault including secrets rotation and enforcement of least-privilege access
    - Configure and tune Application Insights and Log Analytics, including PHI-safe logging pipelines that prevent sensitive data from appearing in telemetry

    Security Controls and Compliance

    - Implement and maintain technical controls in support of SOC 2 Type 2 and HIPAA compliance programs
    - Administer Entra ID including conditional access policies, MFA enforcement, group lifecycle management, and identity governance
    - Partner with leadership on audit preparation, evidence collection, and control documentation
    - Contribute to incident response readiness, including tabletop exercises and runbook development
    - Manage logging and alerting functions through Microsoft Purview and Microsoft Sentinel, including alert tuning, analytics rules, and data connector configuration
    - Maintain and improve the organization’s security posture through vulnerability management, access reviews, and security monitoring

    IT Operations

    - Own Office 365 administration, SharePoint configuration, and SaaS tool management for the organization
    - Serve as the internal technical authority on endpoint security, device management, and employee access provisioning
    - Evaluate and onboard new tooling as the company scales, with a bias toward security and operational simplicity

    The Technical Environment

    - Infrastructure: Azure Container Apps, Azure App Service, Azure Service Bus, Azure Database for PostgreSQL Flexible Server, Azure Blob Storage
    - Security and Identity: Azure Key Vault, Microsoft Entra ID, Microsoft Defender, Azure Policy
    - Observability and Security Operations: Application Insights, Log Analytics Workspaces, Microsoft Sentinel, Microsoft Purview
    - CI/CD: Azure DevOps pipelines
    - Productivity: Microsoft 365, SharePoint, Teams
    - Compliance targets: SOC 2 Type 2, HIPAA

    Experience and Qualifications

    - 7–10 years in cloud platform engineering, DevOps, or infrastructure security
    - Hands-on production Azure experience across the full service lifecycle, not just resource provisioning
    - Practical experience implementing technical controls for HIPAA and SOC 2 Type 2
    - Fluent in Entra ID: conditional access, MFA, role assignments, and identity governance
    - Applies appropriate safeguards for protected health information, including PHI-safe logging pipelines, data isolation, and least-privilege access controls
    - Comfortable owning IT operations end-to-end: M365, SaaS administration, and employee access management included
    - Brings a point of view. This role requires someone who assesses the environment, identifies gaps, and recommends a path forward
    - Energized by doing the work. This is a hands-on role with full ownership of the platform and security posture
    - Healthcare or regulated industry background is a genuine advantage
    - Comfortable incorporating AI-assisted tools and workflows into day-to-day work to improve speed and quality

Company Detail

  • Is Email Verified
    No