Job Title : Security Engineer
Company : HotDoc
Location : Melbourne, Victoria
Created : 2026-03-24
Job Type : Full Time

Job Description

Welcome to HotDoc! Founded in Melbourne in 2012, HotDoc is Australia's largest patient engagement platform with over 8 million app downloads and partnerships with more than 21,000 practitioners across General Practice, Allied Health, Dental, Specialist, and Optometry. We handle sensitive health (PHI) and personal (PII) data and operate in a highly regulated environment. That means security isn't an afterthought here; it's foundational to everything we build. This role sits at the heart of that. We have ambitious goals to improve the healthcare experience for everyone in Australia, and we're looking for exceptional people to help us get there.

Role Purpose & Context

This is a hands-on, execution-focused security engineering role. You'll work closely with Engineering, Infrastructure, Product, and Leadership to reduce risk, uplift compliance maturity, and embed security best practices across a growing SaaS platform at a pivotal stage of growth. You'll report directly to the Principal Security Engineer and work within a collaborative team that values pragmatism, clarity, and psychological safety.

This is not a purely advisory or GRC role. You'll be doing real engineering work: building tooling, triaging vulnerabilities, supporting incidents, and helping engineering teams ship securely. You'll earn trust by being useful, specific, and enabling, not by being a gatekeeper.

Why Join HotDoc?

Join a purpose-driven team where your work directly protects the patients and practitioners who depend on our platform every day. Here's what you can look forward to:

- Impactful, meaningful work: Security at HotDoc protects real health data for millions of Australians. You'll see how your work connects to outcomes that matter.
- A team that values how you work, not just what you deliver: Our culture is built on empathy, curiosity, and psychological safety. We challenge with care, not with hierarchy.
- Genuine autonomy with real support: Own your domains and drive your own work, with your leader and team always there to back you up.
- A structured monthly milestone plan: We don't just hire people and hope for the best. You'll have a clear 6-24 month development roadmap, regular 1:1s, and genuine investment in your career progression.

What Will You Be Doing?

Operational Security & Risk Management

- Own vulnerability identification, prioritisation, and remediation workflows across infrastructure and application layers, using tools, not just spreadsheets
- Partner hands-on with engineering squads to review, triage, and remediate security risks within normal sprint cycles
- Participate in incident response and contribute to post-incident improvements that actually get implemented
- Improve alert quality and reduce noise in security monitoring, so the team responds to what matters

Compliance & Audit Readiness

- Support SOC 2 and PCI DSS control implementation: evidence collection, control mapping, and gap remediation
- Assist with audit preparation cycles and maintain an accurate, up-to-date view of our control posture
- Contribute to vendor and third-party risk assessments with practical, proportionate judgement
- Maintain security documentation, policies, and control mappings so they reflect reality, not aspiration

Secure Development & AI Enablement

- Embed security into engineering workflows: threat modelling, code review support, secure defaults in CI/CD pipelines
- Work with product and engineering teams to ensure AI-generated and AI-assisted code follows security best practices
- Help define guardrails for AI-enabled product features as our AI footprint grows
- Provide clear, actionable security guidance during design and architecture discussions

Security Architecture Support

- Assist in strengthening encryption, identity, access management, and key management practices
- Support our MFA rollout and authentication improvement programme
- Contribute to health data architecture uplift initiatives that protect patient data at scale

Security Engineering & Tooling

- Design, build, and maintain internal security tooling, iterating based on feedback and emerging threat patterns
- Leverage AI tools to improve the efficiency and effectiveness of security operations

What You Must Have to Apply

- 3+ years of hands-on experience in application security, infrastructure security, or cloud security, not purely advisory or GRC roles
- Demonstrated experience supporting compliance initiatives such as SOC 2, PCI DSS, ISO 27001 or similar; you've done the work, not just observed it
- Strong, practical AWS security knowledge (or equivalent public cloud)
- Experience with vulnerability management tools and remediation workflows; you can triage, prioritise, and communicate risk clearly
- Familiarity with Secure SDLC practices and how to work with developers without slowing teams down
- Strong written and verbal communication; you can translate security risk into language that resonates with engineers, product managers, and executives alike

You're Just the Person We're Looking For If You Can Demonstrate

- A pragmatic, enabling mindset: you see your job as helping engineers ship securely, not saying no
- Genuine curiosity and a growth mindset: you ask "why?" often and are open to new tools and approaches
- Ownership and follow-through: you drive work to completion without needing to be chased
- The confidence to speak up: you surface risks and concerns proactively, even when it's not the easy option
- A socially conscious outlook: you understand that security failures here have real consequences for patients and clinicians
- Comfort with ambiguity and a "progress beats perfection" approach to getting things done

What Do Our Employees Love About Working for HotDoc?

Our people are at the heart of HotDoc. We are an employee-first company and recognise that we can't deliver a great patient experience without looking after the people who build it.

- Flexibility to work from home and our Melbourne HQ
- Access to our comprehensive Health & Wellbeing Program
- A generous Learning & Development Budget
- Parental leave benefits including paid baby sleep school, first aid courses, and EAP for primary and secondary caregivers
- Company-wide events and activities at our Melbourne HQ, open to all remote and hybrid staff several times a year
- In-office collaboration days with workshops and team planning sessions
- Private and confidential EAP from Day 1
- In-house Career and Strengths Coaching tailored to every employee

Please note: we ask that local team members make an effort to attend our Melbourne HQ regularly to build relationships and collaborate in person. If you have flexible working requirements, please raise this with the Hiring Manager during the recruitment process so we can explore what's possible.

HotDoc Is a Place Where You Can Be You.

HotDoc prides itself on being an inclusive and diverse workplace; in fact, we celebrate it. If there are any alternative considerations you might require to perform this role, or anything we can do to support you through the application process, please let us know. We'll do our best to make this a great experience.