About the role

The Trust team at Headway is responsible for safeguarding the privacy and security of our therapists, patients, and payer partners. As one of the first dedicated Security Engineers on our budding D&R pod, you’ll play a foundational role in building our incident response and security operations capabilities. Your work will center around designing and automating our response processes, ensuring we can rapidly contain and remediate threats across our production and corporate environments.

You’ll collaborate closely with Security, IT, and Engineering teams to build scalable and efficient security automations, lead investigations, and drive continuous improvement in our ability to respond to security events with speed and precision.

What you’ll do at Headway: Lead security incident response readiness and execution: Design, build, and refine our incident response processes, including playbooks, tooling, and automations that reduce manual overhead and speed up remediation. Automate security workflows: Develop scalable automations that streamline detection triage, investigation, and response, integrating with internal systems and third-party platforms. “Close the loop” by mitigating identified risks: Work with Engineering and Trust teams to remediate risks identified during and after the lifecycle of a security incident Build and maintain response infrastructure: Own the systems and integrations that support real-time alerting, case management, and incident tracking. Continuously improve event coverage: Ensure comprehensive visibility across our environments (cloud, corporate, SaaS, and endpoints), identify telemetry gaps, and lead efforts to close them. Support broader security operations: Contribute to vulnerability management, penetration testing coordination, and security reviews, helping to scale Headway’s security posture through automation and repeatable processes. Tools we use: Languages: Python 3, TypeScript Libraries: FastAPI, SQLAlchemy, Celery, React/Remix Datastores: PostgreSQL, Snowflake Infrastructure: AWS (Fargate, ECS, S3), Kafka Monitoring & Response: Datadog, PagerDuty Version Control: GitHub Security Tooling: Snyk, Semgrep, (plus custom tooling and SOAR integrations) You’ll be great for this role if you have: Have deep incident response experience: You’ve led or contributed to major security incident investigations and developed playbooks, processes, and tooling to improve response. Are passionate about automation: You’ve built or implemented automated workflows that reduce MTTR (mean time to respond) and increase consistency in security operations. Have a strong engineering foundation: You’re comfortable writing production-quality code and building internal tools and systems in support of security operations. Thrive in ambiguous environments: You enjoy solving problems without a defined path and bring a pragmatic, fast-moving mindset to security engineering. Collaborate well across teams: You’re proactive in working with IT, infrastructure, and product engineers to drive scalable solutions to shared security challenges.
Care deeply about impact: You want your work to contribute directly to a meaningful mission—improving access to mental healthcare. Our interview process

After you apply to Headway, here are some details of what to expect during the interview process.

Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background.  First round: You'll meet with the hiring manager to hear more about the role and team, and further illustrate the depth of your experience as it relates to the requirements of this specific role. Final rounds: You’ll meet several more team members for technical and non-technical interviews, including our CISO who this role reports to, and leave with a fuller picture of what it’s like to work at Headway. References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members! Compensation and Benefits: The starting salary for a Senior Security Engineer is $198,000 and increases to $267,000 based on industry tenure and experience. Benefits offered include: Equity Compensation Medical, Dental, and Vision coverage HSA / FSA 401K Work-from-Home Stipend Therapy Reimbursement 16-week parental leave for eligible employees Carrot Fertility annual reimbursement and membership 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st Flexible PTO Employee Assistance Program (EAP) Training and professional development