About Curative
Curative is building the future of health insurance with a first-of-its-kind employer-based plan designed to remove financial barriers and make care truly accessible: one monthly premium with $0 copays and $0 deductibles*. Backed by our recent $150M in Series B funding and valuation at $1.275B, Curative is scaling rapidly and investing in AI-powered service, deeper member engagement, and a smart network designed for today’s workforce.
Our north star guides everything we do: healthcare only works when people can actually use it. That belief drives every decision we make: from how we design our plan, support our members, to how we collaborate as a team.
If you want to do meaningful work with a team that moves fast, experiments boldly, and cares deeply, Curative is the place to do it. We’re growing fast and looking for teammates who want to help transform health insurance for the better.
Role Overview
We're looking for a Principal Security Engineer to own our security engineering function end-to-end from defining platform strategy to hands-on implementation. This is a technical leadership role: you'll set the bar for how security is built and operated across our infrastructure, applications, and AI systems, and actively grow the engineers around you.
This team moves fast, and you should be excited about interacting with a wide variety of stakeholders. The right fit for this role has a strong interest in building tools, is comfortable working with new technologies, and has a strong sense of enabling business operations through secure designs. This role will be to design, deploy and maintain all tooling that supports Security Operations
Finally it's important to us that everyone on our team be prepared to work with and supportive of a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect, we know that it's only together that we achieve truly great things.
This is a remote position
Key Responsibilities
Detection, Response & Visibility
Own strategy and hands-on engineering for Detection and Response platforms; identify, onboard, and normalize all log sources including cloud, containers, endpoints, and SaaS
Build and maintain Security Orchestration, Automation, and Response (SOAR) tooling to reduce response time and analyst toil
Lead incident response for complex threats including developing runbooks, driving post- incident improvements, and designing/running BCP/DR tabletop exercises.
Application Security
Embed security into the SDLC: threat modeling, secure design reviews, SAST/DAST tooling, and automated security gates in CI/CD pipelines
Own the vulnerability management program at host and application levels; track and drive remediation
Champion "security as code" practices across engineering teams
AI & Security
Build AI-powered security tooling: threat detection and anomaly identification at appropriate confidence thresholds, automated triage and remediation workflows, and AI-assisted post- mortem summarization
Define and implement the security model for LLM-based systems and internal AI tooling
Architect harness patterns to constrain LLM behavior and harden against prompt injection, indirect injection via RAG pipelines, and data exfiltration via model outputs
Evaluate and govern AI tool adoption from a security and data-risk perspective
Infrastructure & Platform Security
Own AWS security posture and enforce baselines across Linux/Windows, network devices, and enterprise SaaS (M365, Google Workspace, Azure)
Engineer, configure, and operate EDR, DLP, and endpoint security programs
Provide IAM architecture expertise across identity and access systems
Leadership & Mentorship
Mentor and actively develop junior and mid-level security engineers through design reviews, pairing, and direct feedback. Growing team capability is a core expectation of this role
Define and drive security engineering standards across the organization
Collaborate closely with IT operations, platform, and software to translate threat intelligence into detection and hardening priorities
Education
Bachelor's degree in a related field or equivalent experience.
Qualifications
8+ years in security engineering with demonstrated growth into technical leadership
Hands-on SIEM experience (DataDog, ELK, or equivalent)
Deep AWS security and IAM expertise
Application security fundamentals: threat modeling, SAST/DAST, secure SDLC
Experience building with AI/LLM APIs and practical knowledge of LLM security risks
EDR, DLP, and vulnerability management experience
Experience with containerized workloads and Kubernetes security
Proven track record of mentoring engineers and raising team capability
Nice to Have
CISSP, GIAC, or OSCP certification
MITRE ATT&CK knowledge applied to detection engineering
"Security as code" experience (OPA, Checkov, tfsec, or similar)
Data science or anomaly detection skills applied to security telemetry
Healthcare industry background (HIPAA, HITRUST)
Experience with the following tools/technologies: Kubernetes/EKS, Terraform/Terragrunt, Atlantis, Cloudflare, Buildkite, Wiz, Semgrep, EscapeTech, GitHub Advanced Security, Datadog, HashiCorp Vault, N8N, Snowflake, Linear
Perks & Benefits
Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan.)
$0 copays and $0 deductibles (with completion of our Baseline Visit )
Preventive and primary care built in
Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged)
One-on-one care navigation
Chronic condition programs (diabetes, weight, hypertension)
Maternity and family planning support
24/7/365 Curative Telehealth
Pharmacy benefits
Comprehensive dental and vision coverage
Employer-provided life and disability coverage with additional supplemental options
Flexible spending accounts
Generous PTO policy plus 11 paid annual company holidays
401K for full-time employees
Generous Up to 8–12 weeks paid parental leave, based on role eligibility.