Staff Security Engineer

Design and implement scalable security frameworks for multi-cloud health data compliance
Toronto
Senior
$193,500 – 230,000 CAD / year
3 days ago
League

A health-focused platform offering digital and in-person healthcare services to employers and employees for wellness and benefits management.

Staff Security Engineer

Founded in 2014, League is the leading healthcare consumer experience (CX) platform, powered by artificial intelligence (AI), reaching more than 63 million people around the world and delivering the highest level of personalization in the industry. Payers, providers, and consumer health partners build on League's platform to deliver high-engagement healthcare solutions proven to improve health outcomes. League has raised over $285 million in venture capital funding to date, powering the digital experiences for some of healthcare's most trusted brands, including Highmark Health, Manulife, Medibank, and Shoppers Drug Mart.

League's security engineering teams are responsible for scaling security in the development lifecycle and vulnerability management. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to ultimately make it easier for our engineers to do the right thing. Security is everyone's responsibility, but security engineering is how we make it possible for engineers to ship high-quality code to production several times per day with security baked in.

As a Staff Security Engineer at League, you will be a principal technical leader helping to set the long-term security architecture and strategy across our entire platform, infrastructure, and engineering organization.

You will move beyond incremental improvement to solve the highest-impact, most ambiguous, and most foundational security problems. You will define the "paved road" by designing common security components, frameworks, and reference architectures that make it nearly impossible for engineers to ship insecure code. You are expected to not only execute but also to help define the technical strategy for scaling security by design across a high-growth health tech environment. This role has system-level impact, driving security and compliance controls directly into the foundational fabric of League's technology.

Architectural Leadership: Help define and champion the long-term technical security roadmap, architecture patterns, and standards for League's applications, infrastructure, and multi-cloud environment.

Cross-Functional Strategy: Act as the primary security technical partner and consultant to Platform, Product, and executive leadership, driving alignment on multi-quarter security initiatives.

Security Design Governance: Lead high-stakes, complex security design and architecture reviews (STRIDE/threat modeling) for new services and core platform migrations, ensuring all foundational systems meet strict health data compliance requirements.

Risk & Vulnerability Strategy: Design, implement, and automate organization-wide frameworks for continuous vulnerability management and detection, moving beyond manual triage to scalable remediation systems.

Due Diligence Expertise: Architect the security due diligence program for critical third-party vendors and partnerships that handle sensitive customer data, setting non-negotiable architectural requirements.

Mentorship & Elevation: Actively mentor Senior and mid-level security engineers, fostering a culture of security architecture excellence and technical leadership within the team and across the organization.

About You

  • 8+ years of progressive experience in security engineering, with at least 2 years operating at the Senior or Principal Engineer level.
  • Deep expertise in cloud security architecture (AWS, GCP, or Azure), focusing on securing containerization (Kubernetes), cloud IAM, and infrastructure as code (Terraform).
  • Proven track record of successfully leading and delivering large-scale, cross-organizational security initiatives from concept through production deployment.
  • Ability to write secure, production-grade code in languages like Python, Go, Java, or TypeScript to build automation tools and scalable security services.
  • Demonstrated experience designing and implementing controls and architectural mandates to achieve and maintain compliance with HIPAA or HITRUST.
  • Mastery of application security, including secure development lifecycle (SDLC) integration, authentication/authorization protocols (OAuth, OIDC), and common attack vectors.

Security-Related Responsibilities

  • Ensure access management is performed in compliance with the employee's role and responsibilities
  • Responsibility and accountability for executing League's policies and procedures within the department/team
  • Notification of HR, Legal, Compliance & Security of any incidents, breaches or policy violations
  • Compliance with Information Security Policies

Compensation range for Canada applicants only

$193,500 - $230,000 CAD

Engineering