Arcadia is dedicated to happier, healthier days for all. We believe that there is a better healthcare world – one powered by data. Our platform transforms complex, diverse data into a unified foundation for health, helping organizations deliver better care, boost revenue, and lower costs.
We’re a team of fiercely driven individuals committed to making healthcare more sustainable—and we’re looking for passionate people to help us get there.
For more information, visit arcadia.io.
Why This Role Is Important to Arcadia
Arcadia is seeking a Senior Director of Security Operations & Engineering to lead the company’s technical security function across infrastructure, cloud platforms, and corporate environments. This role will unify Security Operations, Cloud and Infrastructure Security, and Threat Detection into a cohesive, high-performing team that protects Arcadia’s healthcare data and SaaS platform.
This is a hands-on technical leadership position. The successful candidate will architect, build, and operate modern security systems while leading engineers, analysts, and network specialists. They will define and drive Arcadia’s technical security roadmap, manage incident response, and implement resilient, scalable security solutions in a highly regulated healthcare SaaS environment.
What Success Looks Like
In 3 months
- Complete all mandatory training and onboarding activities
- Gain a deep understanding of Arcadia’s infrastructure, threat landscape, and existing controls
- Establish clear objectives and technical direction for each pod (e.g., Cloud Security/Security Engineering, Network & Infrastructure Security, and Threat Detection & Response)
- Lead and participate in active incident response and threat hunting activities
- Deliver measurable improvements in detection coverage, cloud posture, and automation
- Implement engineering and process changes that reduce operational burden and MTTR
- Mentor and grow the team’s technical capabilities and leadership maturity
In 6 months
- Mature Arcadia’s Security Operations & Engineering program into a data-driven, automation-enabled function
- Demonstrate reduced risk exposure and improved audit readiness through measurable KPIs
- Be recognized across the company as the go-to technical leader for security architecture and response
In 12 months
- Mature Arcadia’s Security Operations & Engineering program into a unified, metrics-driven function with defined KPIs for detection, response, and remediation performance
- Demonstrate measurable improvement in enterprise and cloud security posture through improved coverage, reduced mean time to detect (MTTD) and mean time to respond (MTTR), and reduced audit findings
- Establish and maintain automated, auditable evidence collection processes that streamline HITRUST, ISO 27001, and SOC 2 compliance
- Deliver a robust, continuously tested incident response framework with automated containment capabilities and full integration into corporate and product operations
- Partner with Product, Infrastructure, and Engineering leadership to embed security design principles and tooling into development lifecycles, driving measurable shifts toward secure-by-default practices
- Influence company-wide technology and risk strategies by serving as a key advisor to executive leadership on emerging threats, security investments, and architecture decisions
- Position Arcadia as an industry leader in healthcare security by driving innovation in automation, detection, and resilience while maintaining operational excellence
What You'll Be Doing
Leadership & Strategy
Lead and develop teams responsible for cloud security engineering, network and infrastructure security, and security operations
Define and execute the security engineering roadmap aligned with Arcadia’s mission and regulatory and compliance obligations (e.g., HIPAA, HITRUST, ISO 27001, SOC 2)
Serve as the senior technical authority for all security controls, tooling, and automation initiatives
Partner with Engineering, IT, and Compliance leadership to embed secure design principles into products and operations
Own and evolve Arcadia’s Computer Security Incident Response Team (CSIRT), ensuring readiness, playbook maturity, and coordination across teams
Represent Security Operations & Engineering in architecture reviews, executive updates, and customer discussions.
Technical Security Ownership
Design, implement, and maintain security controls across Arcadia’s cloud, infrastructure, and application environments to ensure resilience, scalability, and compliance
Architect secure AWS multi-account environments using services such as EKS, ECS, Lambda, and VPC, applying Zero Trust principles and automating configuration management with Terraform or CloudFormation
Manage network and infrastructure security by maintaining segmentation, VPN, firewall, and endpoint protection controls, along with perimeter defenses including WAF, DDoS mitigation, and intrusion detection systems
Lead the configuration and tuning of detection and response capabilities including SIEM pipelines, threat intelligence integration, and incident response workflows to enable rapid detection, containment, and remediation
Serve as Arcadia’s Cyber Security Incident Response Team (CSIRT) Manager, directing the technical response to potential security incidents and coordinating cross-functional engagement during critical events
Implement security-as-code practices that automate control validation, configuration baselines, and remediation using scripting and orchestration tools such as Python, PowerShell, and Bash
Oversee identity and access management across AWS, Okta/Auth0, and Microsoft 365 environments to enforce least-privilege principles and secure authentication
Compliance & Risk Management
Translate compliance controls (e.g., SOC 2, ISO 27001, HITRUST) into enforceable technical configurations
Partner with the Security Assurance team to provide audit evidence and continuous control monitoring
Partner with the Security Assurance to conduct and oversee technical risk assessments, vulnerability management, and remediation planning
Ensure technical alignment to healthcare privacy and security requirements (e.g., HIPAA, HITECH)
Innovation & Continuous Improvement
Evaluate emerging technologies in AI-driven detection, behavioral analytics, and modern DevSecOps tooling
Benchmark security capabilities against industry best practices and high-performing SaaS peers
Foster a culture of continuous improvement, collaboration, and technical excellence within Security Engineering and Operations
What You'll Bring
10+ years in information security, with at least 5 years in technical leadership roles
Proven experience designing and operating secure, cloud-based SaaS infrastructure (AWS required; Azure or GCP a plus)
Cloud security architecture and automation
Incident detection and response
Network engineering and security controls
Vulnerability management and threat modeling
Hands-on technical expertise with scripting/automation (Python, PowerShell, Bash), infrastructure-as-code (Terraform, CloudFormation), and CI/CD integration
Strong familiarity with enterprise IT systems (Active Directory, Okta, MDM, SSO)
Knowledge of regulatory and compliance frameworks including HIPAA, HITRUST, and ISO 27001
Demonstrated experience leading multidisciplinary technical teams in dynamic environments
Would Love for You to Have
More than one advanced security certifications such as CISSP, CCSP, GIAC (GCTI, GCIA, GCFA, GCSA), or AWS Security Specialty
Experience with container security, Kubernetes, and EDR/MDR solutions
Background in healthcare or other regulated industries
Prior ownership of 24x7 security operations in a SaaS or cloud-native organization
What You'll Get
Build and lead a world-class technical security organization in a mission-driven healthcare company
Work with cutting-edge cloud technologies in a fully remote, collaborative environment
Competitive compensation, comprehensive benefits, and strong career advancement opportunities
Chance to be surrounded by a team of extremely talented and dedicated individuals driven to succeed
Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
A flexible, remote friendly company with personality and heart
Employee driven programs and initiatives for personal and professional development
About Arcadia
Arcadia.io helps innovative providers and payers across the country transform healthcare to reduce cost while improving patient health. We do this by aggregating large amounts of disparate data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as a market leader in the highly competitive population health management software market and have been recognized by industry analysts KLAS, IDC, Forrester, and Chilmark for our leadership. For a better sense of our brand and products, please explore our
website.
Protect Yourself
If you have concerns about the authenticity of a job offer or recruitment-related communication claiming to be from Arcadia, we encourage you to verify by contacting us directly at (781) 202-3600 and select option 3. For more information, visit our
website.
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
