About Curative
Curative is building the future of health insurance with a first-of-its-kind employer-based plan designed to remove financial barriers and make care truly accessible: one monthly premium with $0 copays and $0 deductibles*. Backed by our recent $150M in Series B funding and valuation at $1.275B, Curative is scaling rapidly and investing in AI-powered service, deeper member engagement, and a smart network designed for today’s workforce.
Our north star guides everything we do: healthcare only works when people can actually use it. That belief drives every decision we make, from how we design our plan and support our members to how we collaborate as a team.
If you want to do meaningful work with a team that moves fast, experiments boldly, and cares deeply, Curative is the place to do it. We’re growing fast and looking for teammates who want to help transform health insurance for the better.
Role Overview
We're looking for a Principal Security Engineer to own our security engineering function end-to-end, from defining platform strategy to hands-on implementation. This is a technical leadership role: you'll set the bar for how security is built and operated across our infrastructure, applications, and AI systems, and actively grow the engineers around you.
This team moves fast, and you should be excited about interacting with a wide variety of stakeholders. The right fit for this role has a strong interest in building tools, is comfortable working with new technologies, and has a strong sense of enabling business operations through secure designs. The role is to design, deploy, and maintain all tooling that supports Security Operations.
Finally, it's important to us that everyone on our team be prepared to work with, and be supportive of, a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect; we know that it's only together that we achieve truly great things.
This is a remote position.
Key Responsibilities
Detection, Response & Visibility
- Own strategy and hands-on engineering for Detection and Response platforms; identify, onboard, and normalize all log sources including cloud, containers, endpoints, and SaaS
- Build and maintain Security Orchestration, Automation, and Response (SOAR) tooling to reduce response time and analyst toil
- Lead incident response for complex threats, including developing runbooks, driving post-incident improvements, and designing/running BCP/DR tabletop exercises
Application Security
- Embed security into the SDLC: threat modeling, secure design reviews, SAST/DAST tooling, and automated security gates in CI/CD pipelines
- Own the vulnerability management program at host and application levels; track and drive remediation
- Champion "security as code" practices across engineering teams
AI & Security
- Build AI-powered security tooling: threat detection and anomaly identification at appropriate confidence thresholds, automated triage and remediation workflows, and AI-assisted post-mortem summarization
- Define and implement the security model for LLM-based systems and internal AI tooling
- Architect harness patterns to constrain LLM behavior and harden against prompt injection, indirect injection via RAG pipelines, and data exfiltration via model outputs
- Evaluate and govern AI tool adoption from a security and data-risk perspective
Infrastructure & Platform Security
- Own AWS security posture and enforce baselines across Linux/Windows, network devices, and enterprise SaaS (M365, Google Workspace, Azure)
- Engineer, configure, and operate EDR, DLP, and endpoint security programs
- Provide IAM architecture expertise across identity and access systems
Leadership & Mentorship
- Mentor and actively develop junior and mid-level security engineers through design reviews, pairing, and direct feedback. Growing team capability is a core expectation of this role
- Define and drive security engineering standards across the organization
- Collaborate closely with IT operations, platform, and software to translate threat intelligence into detection and hardening priorities
Education
Bachelor's degree in a related field or equivalent experience.
Qualifications
- 8+ years in security engineering with demonstrated growth into technical leadership
- Hands-on SIEM experience (DataDog, ELK, or equivalent)
- Deep AWS security and IAM expertise
- Application security fundamentals: threat modeling, SAST/DAST, secure SDLC
- Experience building with AI/LLM APIs and practical knowledge of LLM security risks
- EDR, DLP, and vulnerability management experience
- Experience with containerized workloads and Kubernetes security
- Proven track record of mentoring engineers and raising team capability
Nice to Have
- CISSP, GIAC, or OSCP certification
- MITRE ATT&CK knowledge applied to detection engineering
- "Security as code" experience (OPA, Checkov, tfsec, or similar)
- Data science or anomaly detection skills applied to security telemetry
- Healthcare industry background (HIPAA, HITRUST)
- Experience with the following tools/technologies: Kubernetes/EKS, Terraform/Terragrunt, Atlantis, Cloudflare, Buildkite, Wiz, Semgrep, EscapeTech, GitHub Advanced Security, Datadog, HashiCorp Vault, N8N, Snowflake, Linear
Perks & Benefits
- Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan.)
- $0 copays and $0 deductibles (with completion of our Baseline Visit)
- Preventive and primary care built in
- Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged)
- One-on-one care navigation
- Chronic condition programs (diabetes, weight, hypertension)
- Maternity and family planning support
- 24/7/365 Curative Telehealth
- Pharmacy benefits
- Comprehensive dental and vision coverage
- Employer-provided life and disability coverage with additional supplemental options
- Flexible spending accounts
- Generous PTO policy plus 11 paid annual company holidays
- 401K for full-time employees
- Up to 8–12 weeks of paid parental leave, based on role eligibility