via Indeed
$48K - 72K a year
Develop and secure backend and AI platforms with a focus on cloud security, DevSecOps, and compliance.
4–8+ years in security engineering, DevSecOps, backend development with strong AWS and Kubernetes security experience.
Location: Remote or Hybrid (if US located)
Employment Type: Contract — Full-Time
Department: Engineering / Product Development
Experience Level: Mid/Senior (4–8+ years)
Reports To: Director of Engineering

Role Overview

We are hiring a Backend & Cybersecurity Engineer who combines strong secure software development skills with deep expertise in cloud security, DevSecOps, and compliance. In this role, you will be the security backbone of our engineering organization—ensuring that every layer of our InsurTech platform, from microservices to cloud infrastructure, meets the highest standards of security, reliability, and regulatory compliance.

A defining aspect of this position is securing our internal Platform, LLM, and AI platform. As we build and deploy custom large language models, AI agents, and an LLM Composer system, you will be responsible for establishing the security architecture, governance frameworks, and threat mitigation strategies that allow us to ship AI-powered capabilities safely and responsibly. This includes prompt injection defense, model access controls, data pipeline security, AI output validation, and ensuring all AI systems comply with healthcare and insurance data regulations.

Key Responsibilities

Cybersecurity & DevSecOps
- Architect and enforce a comprehensive DevSecOps program across the entire SDLC, integrating security into CI/CD pipelines, code reviews, and deployment workflows.
- Implement and manage SAST, DAST, SCA, and container scanning tools (Snyk, SonarQube, Trivy, Grype, Checkov) with automated gates that prevent vulnerable code from reaching production.
- Design and enforce zero-trust security architecture across cloud infrastructure, microservices, and AI systems—including network segmentation, mutual TLS, identity-based access, and least-privilege IAM policies.
- Manage the secrets lifecycle, including rotation, injection, and auditing, using HashiCorp Vault, AWS Secrets Manager, SOPS, or equivalent tools.
- Maintain SBOM (Software Bill of Materials) generation, dependency scanning, and vulnerability management with SLA-driven patching workflows.
- Harden Kubernetes clusters: enforce network policies, pod security standards (PSA/PSS), OPA Gatekeeper or Kyverno policies, RBAC, runtime security (Falco), and container image signing.
- Architect secure multi-tenant cloud environments with data isolation, encryption at rest and in transit, and tenant-level access controls.
- Lead incident response planning and execution—develop runbooks, conduct tabletop exercises, manage security incident workflows, and perform post-incident reviews.
- Drive compliance programs for HIPAA, SOC 2 Type II, ISO 27001, and industry-specific data governance standards, including evidence collection, audit preparation, and continuous compliance monitoring.

AI/LLM Security & Governance
- Design and implement the security architecture for the internal LLM platform and LLM Composer, including model access controls, API authentication, rate limiting, and audit logging.
- Develop and enforce prompt injection defenses, input sanitization, output validation, and content filtering guardrails for all AI-powered endpoints.
- Establish data security controls for AI training pipelines—ensuring PHI/PII is properly anonymized, encrypted, and access-controlled throughout the model training and evaluation lifecycle.
- Implement AI-specific threat modeling covering adversarial attacks, data poisoning, model exfiltration, jailbreaking, and unauthorized tool/agent actions.
- Design audit trails and observability for AI system behavior—tracking prompt/response logs, model decision provenance, and flagging anomalous AI outputs.
- Collaborate with the AI team to establish responsible AI governance policies, including model evaluation red-teaming, bias testing, and safety benchmarks before production deployment.
- Ensure AI systems comply with emerging AI regulations and frameworks (NIST AI RMF, EU AI Act considerations, OWASP Top 10 for LLM Applications).

Backend Security Engineering
- Conduct security architecture reviews for backend microservices, API designs, and data flows—identifying and remediating vulnerabilities before they reach production.
- Implement application-level security controls: authentication/authorization (OAuth 2.0, JWT, OIDC), API rate limiting, input validation, and secure session management.
- Design and enforce data protection strategies, including field-level encryption, tokenization, data masking, and secure data retention/deletion policies for regulated data (PHI, PII, financial records).
- Contribute to backend services (TypeScript/Nest.js, Python) with a security-first mindset—writing secure code, conducting peer security reviews, and mentoring engineers on secure development practices.
- Build and maintain security monitoring, alerting, and SIEM integration for real-time threat detection across application and infrastructure layers.
- Perform or coordinate periodic penetration testing, vulnerability assessments, and security audits—both internal and with third-party firms.

Infrastructure Security
- Secure AWS cloud environments: IAM policy hardening, KMS key management, VPC architecture, security group auditing, CloudTrail logging, GuardDuty, and AWS Config rules.
- Implement infrastructure-as-code security scanning (Checkov, tfsec, Bridgecrew) in Terraform pipelines to catch misconfigurations before deployment.
- Design and maintain WAF configurations, DDoS protection, and edge security for public-facing services.
- Manage the certificate lifecycle, TLS configurations, and encryption key rotation across all services and environments.

Required Skills & Qualifications
- 4–8+ years of combined experience in Security Engineering, DevSecOps, and/or Backend Development with a strong security focus.
- Deep knowledge of AWS cloud security: IAM, KMS, VPC networking, encryption, CloudTrail, GuardDuty, Security Hub, and AWS Config.
- Hands-on Kubernetes security experience: OPA Gatekeeper/Kyverno, pod security standards, network policies, RBAC, runtime security, and image scanning.
- Proficiency with CI/CD security integration for GitHub Actions, GitLab CI, or Jenkins—including automated SAST/DAST/SCA scanning and policy enforcement.
- Strong understanding of security frameworks and standards: OWASP Top 10, NIST CSF, CIS Benchmarks, MITRE ATT&CK, and zero-trust architecture principles.
- Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, SOPS) and encryption technologies.
- Solid backend development skills in TypeScript/Node.js or Python, with the ability to write secure code and conduct security-focused code reviews.
- Strong understanding of authentication/authorization protocols (OAuth 2.0, OIDC, SAML, JWT) and API security patterns.
- Experience with compliance frameworks in regulated industries—HIPAA, SOC 2, or ISO 27001—including audit preparation and evidence collection.
- Excellent communication skills, with the ability to translate security risks into business terms for stakeholders and executive leadership.

Preferred Qualifications (Nice to Have)
- Experience securing AI/ML systems, including familiarity with OWASP Top 10 for LLM Applications, NIST AI RMF, or adversarial ML threat modeling.
- Hands-on experience with penetration testing, red-teaming, or bug bounty participation.
- Experience with SIEM platforms (Splunk, Elastic Security, Sentinel) and security automation/orchestration (SOAR).
- Familiarity with data protection regulations beyond HIPAA: GDPR, CCPA, LFPDPPP, and emerging AI-specific regulations.
- Security certifications: CISSP, CEH, AWS Security Specialty, CKS (Certified Kubernetes Security Specialist), or equivalent.
- Experience building security tooling, custom security scanners, or automated compliance checking systems.
- Background in InsurTech, HealthTech, or FinTech, with an understanding of industry-specific threat landscapes.

Technology Stack & Tools
Languages: TypeScript, Python, Bash, SQL, Go (nice to have)
Backend: Nest.js, Node.js, FastAPI, Express
Cloud Security: AWS IAM, KMS, GuardDuty, Security Hub, CloudTrail, Config, WAF
Container Security: Trivy, Falco, OPA Gatekeeper, Kyverno, Cosign, Notary
DevSecOps: Snyk, SonarQube, Checkov, tfsec, Grype, Semgrep, OWASP ZAP
Secrets & Identity: HashiCorp Vault, AWS Secrets Manager, SOPS, Keycloak
AI Security: Guardrails AI, NeMo Guardrails, LangSmith, custom prompt defense tooling
Compliance: Vanta, Drata, AWS Audit Manager, custom compliance automation
Infrastructure: Terraform, Kubernetes (EKS), Docker, Helm, ArgoCD
Monitoring: Prometheus, Grafana, ELK/OpenSearch, Datadog, Falco, CloudWatch

What We Offer
- A critical, high-visibility role protecting enterprise AI and LLM systems in a fast-growing InsurTech company.
- The opportunity to define and build security architecture for cutting-edge AI platforms from the ground up.
- Direct collaboration with AI, engineering, product, and executive leadership teams.
- Competitive contract compensation commensurate with experience.

Job Type: Contract
Pay: From $4,000.00 per month
Work Location: Remote
This job posting was last updated on 2/27/2026