Security & Audit Lead

St. John's, NL, CA, Canada

Job Description

Who Are We?



As a group of passionate technology developers, successful entrepreneurs and industry experts, SiftMed is scaling and growing quickly. We are looking for a Senior Software Engineer (AI and Document Processing) with a passion for developing advanced technology and constantly pushing the envelope.



SiftMed is an AI-driven system that processes, organizes, and categorizes medical files. Driven by a mission to extract facts in medical data that can change lives, the company focuses on improving access to critical information, empowering legal teams and medical experts to quickly and accurately find previously hidden key facts in medical data.



What we're looking for:



We're looking for a Security & Audit Lead to ensure our systems are secure by design and operation. This is a technical, hands-on role focused on building, operating, and evolving secure infrastructure and processes with the goal of meeting and exceeding our obligations under SOC 2, HIPAA, and PIPEDA.



You'll have direct support from the leadership team, close collaboration with engineering, and the autonomy to build a security program the right way from day one.



Responsibilities include:



  • Own our security architecture and practices across infrastructure, applications, and data with an emphasis on prevention, visibility, and minimal access.
  • Ensure we meet our regulatory and contractual obligations under SOC 2, HIPAA, and PIPEDA through secure implementation, logging, access control, and incident response.
  • Design and enforce secure-by-default infrastructure using tools like IAM, encryption, container security, and CI/CD hardening (AWS native stack).
  • Build technical controls that map to compliance requirements such as audit logging, asset inventories, and access review workflows.
  • Respond to security incidents and drive remediation; lead post-mortems and ensure repeatable playbooks exist.
  • Collaborate with auditors and vendors to provide evidence of controls without slowing down the team.
  • Implement and tune essential security tooling, such as vulnerability scanners, secret detection, intrusion detection, and centralized logging.

Required Skills:



  • 5+ years of hands-on security engineering experience, ideally in cloud-native, high-trust environments.
  • Strong technical foundation in cloud infrastructure (especially AWS), IAM, network and endpoint security, and secure software development practices.
  • Ability to identify practical risks, propose technical mitigations, and clearly explain tradeoffs.
  • A pragmatic, automation-minded approach to compliance: you focus on building secure systems, not checklists.
  • High standards of ethics, confidentiality, and professionalism: you treat sensitive data like it's your own.

Nice to Have:



  • Familiarity with aligning systems and controls to frameworks like SOC 2, HIPAA, and PIPEDA, especially as they apply in real-world engineering contexts.
  • Experience in early-stage startups or as a founding security hire.
  • Previous ownership of SOC 2 audit readiness from a technical perspective.
  • Experience with tools like Vanta, Drata, or homegrown compliance automation.
  • Certifications such as CISSP, OSCP, or Security+ (optional, not required).

What do we offer?



As a group, we never take ourselves too seriously but believe we truly can make a big difference. We work very hard but we also enjoy having fun, from laser tag and full-company strategic offsites to a Slack channel dedicated to pictures of our pets. We want everyone to be empowered: regardless of your role, you have a seat at the table and we want to hear from you.



We believe in trust and autonomy and therefore provide a flexible working environment. We want members of our team to be able to work closely together while also having the flexibility to manage their life and work responsibilities based on what works for each individual.



We recognize the importance of an inclusive, diverse, and equitable workforce. Diversity and inclusion are among our core values. To this end, we commit to creating an inclusive environment for all.


Job Detail

  • Job Id
    JD2544411
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    St. John's, NL, CA, Canada
  • Education
    Not mentioned