Principal Security Engineer

San Mateo, CA

About Roam

The modern healthcare system generates enormous quantities of diverse, disconnected data. These data sets present substantial analytic challenges, but can also illuminate new avenues of inquiry that yield unprecedented improvements in global health. Roam is realizing this potential by combining our proprietary data platform with advanced machine learning, empowering life sciences companies, hospital systems, insurers, and governments to make data-driven decisions that improve patient outcomes and guide innovation.

Roam Health Knowledge Graph is the foundation of Roam's data platform and is central to all our applications. This pre-built data ontology brings the world's vast healthcare information together using a patent-pending graph architecture that structures the data while embracing the uncertainty inherent in health datasets.

Our clients generate insight from this data platform through an application suite we’ve engineered to facilitate efficient, iterative analysis of patient-level data at scale and with unprecedented depth. Analysis performed within the Roam ecosystem bypasses the inefficient data integration processes currently required to modify or address a new research question. Roam's technologies have been used to improve drug development, bring new drugs to market, demonstrate value to payors, and compute real-world outcomes. These sample use cases, though distinct, all bring Roam closer to achieving our mission: leverage artificial intelligence to bring about sustainable and affordable improvements in patient health.

About Role

We're looking for our first Security Engineer to oversee Roam’s information security planning and execution across our entire technical environment. As a healthcare analytics organization, we are entrusted with highly sensitive life sciences and patient-level data; it is paramount that we continue to protect this information and retain the trust of our partners.

In this role, your core responsibility will be to champion security best practices that take into account our business objectives and the machine learning and NLP-centric engineering processes that characterize our work. You will serve as the subject matter expert, advising and collaborating with Roam’s technical teams and external partners to facilitate compliance with Roam’s security policies and procedures.


    • Serve as Roam’s information security subject matter expert.
    • Develop, maintain, and monitor overarching security infrastructure.
    • Take ownership over the security-related aspects of Roam’s AWS cloud infrastructure.
    • Identify security risks and develop mitigation plans.
    • Keep up with and remediate vulnerabilities, patches, and updates.
    • Coordinate with privacy and compliance teams to maintain, interpret, and implement Roam’s security policies.
    • Participate in security audits, risk analysis, and security reviews.
    • Manage all vulnerability/penetration testing.
    • Investigate issues and work with Engineering to resolve any that arise.
    • Work with customers on reviews, architecture, and integrations.
    • Champion a culture of security ownership and instill best practices across the organization, from training to one-off advisement.
    • Tailor security infrastructure to support advanced analytics and machine learning.
    • Lead security change management practices.


    • 5+ years as a Security Engineer or Architect.
    • Familiarity with enterprise level vulnerability/penetration test solutions.
    • Experience with enterprise level SIEM solutions.
    • Experience with antivirus and endpoint protection solutions.
    • Experience in deploying security solutions to AWS.
    • Experience with network design and security.
    • Experience with web application security.
    • Track record of instilling a healthy dose of paranoia within organizations.
    • Familiar with principles of Incident Management.
    • Must possess excellent written and verbal communication skills.
    • Proven ability to execute multiple tasks efficiently and effectively.
    • Demonstrated flexibility, organization and self-motivation.

Beneficial Experience:

    • Experience with HIPAA/HITRUST, SSAE-16 (SOC 1/2), PCI.
    • Healthcare experience.
    • AWS Certification.
    • CISSP Certification.
    • Security+.
    • Ability to perform security-centric code reviews.
    • Ability to program using Python and JavaScript.