Senior Security Engineer – Platform Security

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

athenahealth is a progressive & innovative U.S. health-tech leader, delivering cloud-based solutions that improve clinical and financial performance across the care continuum. Our modern, open ecosystem connects care teams and delivers actionable insights that drive better outcomes. Acquired by Bain Capital in a $17B deal, we're growing fast and investing in bold, strategic product innovations. We foster a values-driven culture focused on flexibility, collaboration, and work-life balance.

Headquartered in Boston, we have offices in Atlanta, Austin, Belfast, Burlington, and in India: Bangalore, Chennai and Pune.

Position Summary: We are looking for a Senior Security Engineer (Platform Security) to help strengthen the security capabilities of our team in Bangalore. You will work closely with scrum teams, product managers, security architects, and engineering leadership to improve the quality and adoption of automation and orchestration across athenahealth's security practices. But enough about us let's talk about you!

You are a curious problem solver with a passion for security. You enjoy improving the quality and adoption of Security Development Lifecycle practices, and you thrive in technical leadership roles with a high degree of independence.

The Team: Join a collaborative group that tackles new and complex application security challenges at scale. Use your security, engineering, and communication skills to make a difference at a company that enables medical professionals to focus on what they do best - treating patients.

Job Responsibilities

• Drive the execution and adoption of key security best practices across the R&D organization.

• Contribute to the enterprise security catalog of best practices, techniques, and patterns to enable secure implementation of product features.

• Partner with InfoSec teams to deploy and manage internal applications on public cloud providers (AWS, Azure, GCP, etc.).

• Ensure effective organizational use of application security tools (CNAPP, SCA, API active testing), integrating them into a unified pipeline to prevent vulnerabilities during the development lifecycle.

• Evaluate and deploy GenAI security controls across the enterprise.

• Identify and explain feature-level design or architectural weaknesses that could result in security issues.

• Collaborate with enterprise security leadership to track, prioritize, and resolve open issues.

• Work with stakeholders such as Platform, DevOps, and Infrastructure teams to build security-hardened tech stacks for development and production.

• Document, share, and help automate coverage for common abuse cases and attacks.

Typical Qualifications

• Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or a related field, or equivalent experience.

• At least 5 years of experience as a software developer and 3-5 years in a security-focused development role within an agile environment.

• Experience in software and product design, architecture, product security, and security issue prevention/mitigation strategies.

• Strong knowledge of any programming languages such as Java, JavaScript (NodeJS), C#, Perl, Python, etc., with the ability to identify and understand security vulnerabilities in code.

• Experience working with agentic coding tools and concepts (skills, MCP, hooks).

• Practical experience with containerization (Docker) and Infrastructure as Code (Terraform, CloudFormation, etc.).

• Knowledge of key security technologies such as OAuth, SAML, Kubernetes, etc.

• Solid understanding of web services, including RESTful services, Service Bus architectures, and JSON.

• Current knowledge of HIPAA, HITRUST, and PCI-DSS requirements.