Headway
Senior Security Engineer (IR & Automation)
Job Summary
This role is for a Security Engineer responsible for incident response, security operations, and automation within Headway's cybersecurity team. The candidate will design and improve response processes, develop scalable automations, and collaborate with cross-functional teams to enhance security measures. Strong experience in incident investigations, automation, and security engineering is required, along with a focus on impactful work that supports mental healthcare access. The position offers a comprehensive benefits package and emphasizes teamwork and continuous improvement.
Required Skills
Benefits
Job Description
Headway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.
1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept insurance, making therapy too expensive for most people. Headway is building a new mental healthcare system that everyone can access by making it easy for therapists to accept insurance and scale their practice.
Headway was founded in 2019. Since then, we’ve grown into a diverse, national network of over 45,000 mental healthcare providers across all 50 states who run their practice on our software and have served over 1 million patients. We’re a Series D company with over $325m in funding from a16z (Andreessen Horowitz), Accel, GV (formerly Google Ventures), Spark Capital, Thrive Capital, Forerunner Ventures and Health Care Service Corporation.
We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.
About the role
The Trust team at Headway is responsible for safeguarding the privacy and security of our therapists, patients, and payer partners. As one of the first dedicated Security Engineers on our budding D&R pod, you’ll play a foundational role in building our incident response and security operations capabilities. Your work will center around designing and automating our response processes, ensuring we can rapidly contain and remediate threats across our production and corporate environments.
You’ll collaborate closely with Security, IT, and Engineering teams to build scalable and efficient security automations, lead investigations, and drive continuous improvement in our ability to respond to security events with speed and precision.
What you’ll do at Headway:
- Lead security incident response readiness and execution: Design, build, and refine our incident response processes, including playbooks, tooling, and automations that reduce manual overhead and speed up remediation.
- Automate security workflows: Develop scalable automations that streamline detection triage, investigation, and response, integrating with internal systems and third-party platforms.
- “Close the loop” by mitigating identified risks: Work with Engineering and Trust teams to remediate risks identified during and after the lifecycle of a security incident
- Build and maintain response infrastructure: Own the systems and integrations that support real-time alerting, case management, and incident tracking.
- Continuously improve event coverage: Ensure comprehensive visibility across our environments (cloud, corporate, SaaS, and endpoints), identify telemetry gaps, and lead efforts to close them.
- Support broader security operations: Contribute to vulnerability management, penetration testing coordination, and security reviews, helping to scale Headway’s security posture through automation and repeatable processes.
Tools we use:
- Languages: Python 3, TypeScript
- Libraries: FastAPI, SQLAlchemy, Celery, React/Remix
- Datastores: PostgreSQL, Snowflake
- Infrastructure: AWS (Fargate, ECS, S3), Kafka
- Monitoring & Response: Datadog, PagerDuty
- Version Control: GitHub
- Security Tooling: Snyk, Semgrep, (plus custom tooling and SOAR integrations)
You’ll be great for this role if you have:
- Have deep incident response experience: You’ve led or contributed to major security incident investigations and developed playbooks, processes, and tooling to improve response.
- Are passionate about automation: You’ve built or implemented automated workflows that reduce MTTR (mean time to respond) and increase consistency in security operations.
- Have a strong engineering foundation: You’re comfortable writing production-quality code and building internal tools and systems in support of security operations.
- Thrive in ambiguous environments: You enjoy solving problems without a defined path and bring a pragmatic, fast-moving mindset to security engineering.
- Collaborate well across teams: You’re proactive in working with IT, infrastructure, and product engineers to drive scalable solutions to shared security challenges.
Care deeply about impact: You want your work to contribute directly to a meaningful mission—improving access to mental healthcare.
Our interview process
After you apply to Headway, here are some details of what to expect during the interview process.
- Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background.
- First round: You'll meet with the hiring manager to hear more about the role and team, and further illustrate the depth of your experience as it relates to the requirements of this specific role.
- Final rounds: You’ll meet several more team members for technical and non-technical interviews, including our CISO who this role reports to, and leave with a fuller picture of what it’s like to work at Headway.
- References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!
Compensation and Benefits:
- The starting salary for a Senior Security Engineer is $198,000 and increases to $267,000 based on industry tenure and experience.
- Benefits offered include:
- Equity Compensation
- Medical, Dental, and Vision coverage
- HSA / FSA
- 401K
- Work-from-Home Stipend
- Therapy Reimbursement
- 16-week parental leave for eligible employees
- Carrot Fertility annual reimbursement and membership
- 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
- Flexible PTO
- Employee Assistance Program (EAP)
- Training and professional development
We believe a team's strength is in its people, and we cannot achieve this mission without a team that reflects the diversity of this problem – across race, ethnicity, gender, sexuality, age, national origin, religion, family status, disability, military status, and experience.
Headway is committed to the full inclusion of all qualified individuals. As part of this commitment, Headway will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or receive other benefits and privileges of employment, please inform the recruiter when they contact you to schedule your interview.
Headway employees work remotely across the US, with the option to work from offices in New York City, San Francisco and Seattle. Headway participates in E-Verify. To learn more, click here.
Headway
A platform connecting patients with mental health providers, simplifying access to therapy and psychiatric care.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.