Lead Security Engineer
Location: Remote
Compensation
$20.00–$30.00 USD per hour
This position is compensated in U.S. Dollars (USD) regardless of the candidate's country of residence.
For candidates outside the United States, compensation will still be paid in USD and converted by your payment provider or financial institution based on applicable exchange rates.
Employment Type: Full-Time Independent Contractor
About Ironsail
Ironsail is an AI-driven healthcare technology company seeking a Lead Security Engineer to become our first dedicated security hire and build our security program from the ground up.
This is not a compliance role.
This is not a governance role.
This is not a policy-writing position.
This is not a traditional CISO role.
This is a highly technical engineering position for someone who enjoys solving difficult infrastructure and security problems.
We are looking for an engineer who evolved into security.
The strongest candidates typically started their careers as:
- DevOps Engineer
- DevSecOps Engineer
- Infrastructure Engineer
- Systems Engineer
- Cloud Engineer
- Site Reliability Engineer (SRE)
- Security Engineer
- Senior Software Engineer with infrastructure ownership
If your experience is primarily governance, compliance, auditing, consulting, or risk management, this role is unlikely to be the right fit.
If you've personally built infrastructure, secured cloud environments, automated deployments, implemented production security controls, and enjoy owning technical outcomes, we'd love to speak with you.
Why This Role Is Different
This isn't joining an existing security department.
You'll build it.
You'll become the technical owner responsible for designing, implementing, and continuously improving security across our cloud infrastructure, applications, engineering processes, and internal systems.
You'll work directly with Engineering, DevOps, Product, and Leadership to establish security as a core engineering function—not a compliance checkbox.
You'll have significant autonomy to shape how security is implemented across the company.
Why We're Hiring
Following a recent internal security review, we've identified several areas requiring dedicated ownership, including:
- Privileged Access Management (PAM)
- Endpoint security
- Identity & Access Management (IAM)
- Vulnerability Management
- Backup & Disaster Recovery
- Security monitoring and alerting
- Security automation
- Formal onboarding and offboarding processes
- Access governance
- Security architecture ownership
Today these responsibilities are distributed across Engineering and DevOps.
We want one experienced engineer to own them.
What You'll Do
Security Engineering
- Assess existing cloud infrastructure and security posture
- Design and implement security architecture improvements
- Harden Linux systems and cloud environments
- Secure applications, endpoints, and production infrastructure
- Design practical remediation strategies
- Build scalable security standards
Implement and manage
- Privileged Access Management (PAM)
- Identity & Access Management (IAM)
- Multi-Factor Authentication (MFA)
- Endpoint Detection & Response (EDR)
- Backup & Disaster Recovery
- Network Security
- Secrets Management
Vulnerability Management
Build and own our vulnerability management program.
Responsibilities include:
- Nessus
- Qualys
- Security monitoring platforms
- Alerting
- Security metrics
- Configuration reviews
- Security code reviews
- Internal security assessments
- Access reviews
- Phishing simulations
Own remediation through completion.
Security Operations
- Respond to incidents
- Perform root cause analysis
- Improve monitoring
- Automate repetitive security tasks
- Improve operational resilience
- Design secure engineering workflows
Identity & Access Management
Own:
- Employee onboarding
- Employee offboarding
- Role-based access control
- Privileged account governance
- Least-privilege access
- Periodic access reviews
Compliance
Security comes first.
Compliance follows.
You'll support initiatives including:
You'll also:
- Support vendor security reviews
- Coordinate penetration tests
- Assist with cyber insurance requirements
- Drive remediation of audit findings
AI-First Engineering
Ironsail is an AI-first engineering company.
We expect our Lead Security Engineer to use AI every day.
Examples include:
- Threat investigations
- Security research
- Log analysis
- Incident response
- Security automation
- Python scripting
- Report generation
- Vulnerability remediation
- Infrastructure analysis
We expect candidates to already be comfortable using tools such as:
- Claude
- ChatGPT
- Gemini
- Cursor
- GitHub Copilot
- Similar AI engineering tools
Candidates should be able to explain how AI improves their daily engineering workflow.
Required Qualifications
We are specifically looking for engineers.
Candidates should have 7+ years of hands-on experience in one or more of the following:
- DevOps Engineering
- DevSecOps
- Infrastructure Engineering
- Systems Engineering
- Cloud Engineering
- Site Reliability Engineering (SRE)
- Security Engineering
- Senior Software Engineering with infrastructure ownership
Required Technical Experience
You have personally implemented production security controls including:
- Linux administration
- AWS, Azure and/or GCP
- Identity & Access Management
- Privileged Access Management
- MFA
- Endpoint Detection & Response
- Vulnerability Management
- Network Security
- Backup & Disaster Recovery
You also have experience with:
- Python
- Bash
- PowerShell
- CI/CD security
- Infrastructure as Code
- Kubernetes
- Docker
- Cloud-native infrastructure
What We're Looking For
You are a builder.
You can walk into an unfamiliar environment, quickly understand how systems work, identify the highest-risk security issues, prioritize what matters, and begin implementing improvements.
You've built security programs—not simply audited them.
You don't hand engineering teams a list of recommendations.
You implement the solutions yourself.
You enjoy startups, ambiguity, ownership, and solving difficult engineering problems.
Nice to Have
- Healthcare or pharmaceutical experience
- HIPAA
- CyberArk
- Delinea
- HashiCorp Vault
- Kubernetes Security
- Terraform
- Incident Response
- Digital Forensics
Certifications are appreciated but not required, including:
- CISSP
- CISM
- CISA
- Security+
- AWS Security Specialty
This Role Is Not a Fit If
- Your experience is primarily governance, compliance, or auditing.
- You have never personally implemented production security controls.
- You rely on engineering teams to deploy your recommendations.
- You prefer strategy and policy over hands-on engineering.
- You are uncomfortable being the first dedicated security owner.
Why Join Ironsail
This is a rare opportunity to build an engineering-driven security program inside a fast-growing AI healthcare technology company.
You'll work directly with leadership, engineering, and DevOps to shape how security is designed, implemented, and scaled across the organization.
If you're excited by ownership, autonomy, technical challenges, and the opportunity to build something from the ground up, we'd love to hear from you.
Job Type: Contract
Pay: £15.11-£22.66 per hour
Application question(s):
- Have you personally been responsible for building or significantly improving a security program in an organization where no dedicated security function previously existed?
- Do you actively use AI tools (ChatGPT, Claude, Gemini, Copilot, Cursor, etc.) as part of your daily cybersecurity workflow?
- Have you personally implemented and managed security controls such as PAM, MFA, endpoint protection, vulnerability management, or access control systems in a production environment?
- Are you comfortable serving as the first dedicated security hire and independently identifying, prioritizing, and remediating security risks with minimal oversight?
Work Location: Remote