Member of Technical Staff, Security

Mandolin
San Francisco, US
On-siteCareer-pivot friendly

Who this role is best for

Best suited to senior security engineers with hands-on experience across application, cloud, and compliance domains working in regulated healthcare environments.

Best fit for

  • Security generalists comfortable balancing technical and compliance priorities.
    — “balance technical and compliance priorities
  • Engineers experienced in embedding security into SDLC and CI/CD pipelines.
    — “embed security into software development
  • Professionals with multi-domain expertise in AWS, Kubernetes, and OWASP Top 10.
    — “operate across multiple security domains

Things to consider

  • On-site presence expected given office perks like free meals and gym.
    — “Free lunch in the office daily
  • Healthcare or fintech experience preferred but not strictly required.
    — “Experience in SaaS, fintech, healthcare

How to stand out

  • Showcase cross-functional collaboration with engineering and compliance teams.
    — “partner closely with Engineering, DevOps, IT, and Compliance teams
  • Highlight specific contributions to SOC 2 or HIPAA compliance programs.
    — “Support security compliance initiatives including SOC 2, ISO 27001, HIPAA
  • Demonstrate automation skills with Python/Bash for security tooling.
    — “Scripting or automation experience using Python, Bash, PowerShell
Pace · Fast PacedCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Mid

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • embed security into software development
  • support security compliance initiatives
Typical background
security engineeringcloud infrastructure

Skills & requirements

Required

Security EngineeringCloud SecurityApplication Security

Preferred

AI In SecurityCompliance

Stack & domain

PythonBashPowershellSecurityCloudInfrastructure

About the role

Original posting from Mandolin via Ashby

ABOUT MANDOLIN

Nearly every disease will become treatable in our lifetimes. Mandolin is laying the clinical and financial infrastructure to get groundbreaking treatments to patients faster, powered by AI agents.

Mandolin partners closely with the largest healthcare institutions in the US, covering more than $10B drug spend across the country. We're backed by Greylock, SV Angel, Maverick, SignalFire, and the founders of Vercel, Decagon, and Yahoo.

THE ROLE

Mandolin is seeking a highly motivated and versatile Security Engineer to help secure our applications, cloud infrastructure, and compliance programs. This role is ideal for a security generalist with hands-on experience across Application Security, Platform/Cloud Security, and Governance, Risk & Compliance (GRC). The ideal candidate will partner closely with Engineering, DevOps, IT, and Compliance teams to embed security into software development, infrastructure, and operational processes while supporting the organization’s overall security and compliance posture.

The ideal candidate is a hands-on security professional who can operate across multiple security domains, balance technical and compliance priorities, and help build scalable, practical, and business-aligned security programs.

WHAT YOU’LL DO

  • Integrate security into the Software Development Lifecycle (SDLC) and CI/CD pipelines
  • Conduct application security reviews, threat modeling, vulnerability assessments, and support secure code review practices
  • Identify and remediate vulnerabilities related to the OWASP Top 10, APIs, authentication/authorization, secrets management, and software dependencies
  • Design and implement security controls across cloud and infrastructure environments including AWS, Azure, or GCP
  • Secure cloud-native platforms, containers, Kubernetes environments, CI/CD systems, and Infrastructure-as-Code (IaC) deployments
  • Monitor and improve logging, alerting, vulnerability management, endpoint protection, and incident response capabilities
  • Collaborate with Platform Engineering and DevOps teams to improve infrastructure hardening and operational security practices
  • Support security compliance initiatives including SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, and NIST-based programs
  • Assist with risk assessments, audit readiness, evidence collection, policy development, vendor security reviews, and remediation tracking
  • Help drive security awareness, promote secure engineering best practices, and contribute to long-term security strategy and maturity initiatives
  • Research emerging threats, vulnerabilities, and security technologies to continuously improve organizational security posture

MUST-HAVE EXPERIENCE

  • 4+ years of experience in Security Engineering, Application Security, Cloud Security, DevSecOps, or related cybersecurity roles
  • Strong understanding of application security, infrastructure/cloud security, and security compliance concepts
  • Experience securing modern web applications, APIs, cloud environments, and distributed systems
  • Hands-on experience with cloud platforms such as AWS, Azure, or GCP
  • Familiarity with CI/CD pipelines, container security, Kubernetes, and Infrastructure-as-Code security practices
  • Experience with security tools such as SAST, DAST, SIEM, vulnerability scanners, CSPM, EDR/XDR, and IAM solutions
  • Scripting or automation experience using Python, Bash, PowerShell, or similar languages.
  • Strong communication skills with the ability to collaborate across technical and non-technical teams

NICE-TO-HAVES

  • Experience in SaaS, fintech, healthcare, or other regulated environments
  • Familiarity with Zero Trust architectures and modern identity/security frameworks
  • Experience supporting compliance audits and governance initiatives
  • Relevant certifications such as CISSP, Security+, CCSP, AWS Security Specialty, GSEC, OSCP, or similar

Compensation Philosophy

Compensation for this position will include a base salary, equity, and a variety of comprehensive benefits. The U.S. base salary range for this role is $160,000 - $270,000. Actual base salaries will be based on candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable.

Benefits & Perks

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

  • Free lunch in the office daily & dinner if you're in the office past 7PM
  • Comprehensive health, dental, & vision insurance for you and your family
  • Life insurance
  • 10 company holidays
  • Take what you need PTO
  • 4% 401k matching
  • $300/month company-sponsored commuter benefits
  • State of the art gym in the office
  • And more!

Please note the above benefits & perks are for full-time employees

Source: Mandolin careers (Ashby)

Similar roles