Exceptional People + Purpose Beyond Profit = Watershed Outcomes

Security Architect

Penguin AI

IT
United States
Posted on Jan 31, 2026
About the Role: Your Mission as Our Security Architect

Penguin Ai is searching for a highly technical, hands-on Security Architect to lead our security engineering and compliance initiatives. Let's be crystal clear: this is NOT a CISO role. We need someone who thrives in the technical trenches, someone who lives and breathes code, while still keeping a strategic eye on the horizon.

Think of it this way: you'll be spending 80% of your time with your hands in the dirt (or rather, in the code!) doing actual security work, and 20% on the crucial management and coordination that keeps our ship tight.

This role is paramount as we partner with major Healthcare Enterprises and navigate a labyrinth of compliance frameworks. We're looking for someone with true startup DNA – a quick-moving, multi-hat-wearing wizard who can embed security into our very core, not just bolt it on as an afterthought.

Your Day-To-Day Superpowers: What You'll Actually Do:

Security Engineering & Assessment; The Sentinel's Watch:

  • Pen-Test Pro: Regularly raid our own infrastructure and applications with security assessments and penetration tests. Find the weaknesses before the bad guys do!
  • Cloud Guardian (AWS): Implement and maintain iron-clad security controls for our cloud infrastructure and all our endpoints
  • DevSecOps Maestro: Design, build, and maintain our DevSecOps pipelines and tooling, making security an effortless part of our development flow
  • Code Review Crusader: Perform security code reviews and squash vulnerabilities in production code (React, Python, FastAPI) like a bug-busting superhero
  • AI Defence Strategist: Implement robust security guardrails for our cutting-edge LLM-based agentic workflows and AI systems

Compliance & Risk Management; The Rulebook Revolutionary:

  • Compliance Captain: Own and meticulously maintain our SOC2 Type 2, ISO 27001, and HIPAA compliance programs
  • DDQ Dragon-Slayer: Conquer those daunting Security Due Diligence Questionnaires (DDQs) from our Healthcare Enterprise customers with precision and expertise
  • Cross-Functional Connector: Coordinate seamlessly across our engineering, product, and operations teams to weave security controls into every fibre of our platform
  • Vendor Whisperer: Manage relationships with security vendors and external auditors, ensuring we always have the best allies

Developer Enablement; The Security Sensei:

  • Code Review Mentor: Review and fix security vulnerabilities in code written by other developers, turning potential threats into learning opportunities
  • OWASP Jedi: Train development teams on OWASP Top 10 and secure coding practices
  • Security Trainer: Conduct engaging security training sessions to level up everyone's game
  • Proactive Protector: Embed security best practices into every stage of the development lifecycle

Incident Response; The First Responder:

  • Incident Commander: Own our incident response processes from start to finish
  • Root Cause Analyst: Dive deep to conduct thorough root cause analyses for security incidents
  • Communication Czar: Manage customer communications during security events with transparency and policy adherence
  • Preventative Pioneer: Implement measures to prevent future incidents based on lessons learned

Management Responsibilities (Your 20% Strategic Edge):

  • Strategic Reporter: Report directly to the Head of Engineering (Co-founders) on risk assessments and our overall security posture
  • Audit Ace: Provide oversight and spearhead external compliance audits
  • Update Oracle: Deliver weekly security updates to management, keeping everyone informed
  • Policy Perfector: Review and update security policies and procedures (no need to author from scratch – you're refining the masterpiece!)

What We're Looking For: Your Security Arsenal!

We Need Someone With An Extraordinary Combination Of

  • Seasoned Security Veteran: 6+ years of hands-on information security experience
  • Cloud Commando (AWS): Deep expertise in cloud security, specifically AWS
  • Python Powerhouse: Strong proficiency in Python and the ability to write and review secure code like it's second nature
  • Tech Stack Titan: Experience with React, FastAPI, Docker, Kubernetes, GitHub, and Ubuntu
  • Penetration Test Pro: A proven track record of conducting penetration tests and vulnerability assessments
  • DevSecOps Driver: Hands-on DevSecOps implementation experience that makes security seamless

Compliance & Governance; Your Strategic Blueprint:

  • SOC2/ISO 27001 Architect: Direct experience implementing and maintaining SOC2 Type 2 and ISO 27001 programs
  • HIPAA Hero: HIPAA compliance experience in healthcare or other regulated environments
  • DDQ Dynamo: Experience responding to complex customer security questionnaires and RFPs
  • Framework Fanatic: Working knowledge of key security frameworks (NIST, CIS, etc.)

AI/LLM Security; Your Futuristic Vision:

  • LLM Guardian: A solid understanding of Large Language Model (LLM) security risks and guardrails
  • AI/ML Pipeline Protector: Experience securing AI/ML pipelines and agentic systems
  • Responsible AI Advocate: Familiarity with AI safety and responsible AI practices

Soft Skills; Your Secret Sauce:

  • Cross-Functional Communicator: Excellent communication skills for seamless cross-functional collaboration
  • Global Team Player: Comfortable working with globally distributed teams, especially in India
  • Self-Starter Samurai: A self-starter mentality with strong ownership – you don't wait to be told
  • Security Storyteller: Ability to translate complex security concepts into understandable, engaging language for non-technical stakeholders

Your Tech Stack!

  • Languages: Python, JavaScript/React
  • Frameworks: FastAPI, PyTorch
  • Infrastructure: AWS, Docker, Kubernetes, GitHub Actions
  • AI/ML: Various LLM platforms and agentic frameworks
  • OS: Ubuntu Linux
  • Security Tools: You’ll help us select and implement

Bonus Points: Your Secret Weapons!

  • Have battled (and won!) in a startup or high-growth environment
  • Hold relevant security certifications (CISSP, CEH, OSCP, GIAC, etc.) - your badges of honour!
  • Have prior experience in healthcare technology or regulated industries
  • Have experience managing distributed security teams
  • Possess a background in both offensive and defensive security - you know how to think like the enemy and build impenetrable defences

The Culture Fit: Join Our Colony!

You'll Waddle With Us If

  • You like your coffee with a side of delightful chaos
  • You're fuelled by complexity and obsessed with delivering amazing results
  • You enjoy wearing multiple hats (sometimes on the same Zoom call)
  • You believe customer success is more than just "support tickets" — it’s long-term impact

Education & Qualifications: Brainiac Basics

A Bachelor's degree in Computer Science, Engineering, Data Science, or a related field

Comp & Perks: Because Even Superheroes Need Support!

  • Competitive salary: We reward greatness!
  • Medical, vision, and dental coverage: Keep you healthy and smiling!
  • Generous vacation policy and company holidays: Recharge and conquer!
  • A front-row seat in one of healthcare's most exciting AI companies – witness history in the making!

Penguin Ai: Guarding the Gates of Healthcare AI Innovation!

Security Architect – The Shield & Sword. Compliance Commander. Hands-On Hero.

Who We Are: The Penguin Ai Rebellion!

Forget generic AI. Penguin Ai was born from the direct frustrations of healthcare veterans led by CEO Fawad Butt. As former Chief Data Officer at Optum and Kaiser Permanente, overseeing healthcare data for over 75% of American lives, Fawad recognised the need for purpose-built, battle-ready AI crafted specifically for healthcare’s unique complexities.

Our leadership team, boasting over 150 years of combined healthcare and AI expertise (including Kishore, Mark, Peter, and Terry), now automates messy, expensive workflows: from Prior Auth to HCC Coding and admin ops, in 90 days or less!

So, if you’re an experienced, execution-obsessed hands-on Security Architect, we need you now! We’re growing faster than a penguin on a waterslide.