Everlab is pioneering the next era of healthcare: proactive, personalised, and, most importantly, accessible to all.

About Us

Everlab is an early-stage HealthTech startup that recently announced a $15m Seed round, building tech-enabled healthcare that improves and extends quality of life using cutting-edge medical research and technology. Our products design and coach our members through personalised risk-management and health-optimisation protocols over months and years to measurably improve lives.

Our founding team is experienced in the medical industry, ranging from the preventative health specialist who founded Australia's first full-body MRI clinic to serial entrepreneurs who have scaled unicorns and have $500m in exits. Our mission is to solve high-impact problems in healthcare that have never been tackled before, which isn't easy. We look for people who are excited by this mission and the challenges it brings, as our team is driven to solve these problems together.

Our Engineering team is Sydney based, with 2-3 days a week in the office in the CBD.

About the role

We're looking for a Senior Security Engineer who will define and execute Everlab's comprehensive cyber security strategy while being the hands-on technical lead for all security initiatives. You will work directly with our Head of Engineering and IT team to build security from the ground up, establishing the foundation for a world-class security program that protects our members' health data and enables sustainable growth.

You'll be instrumental in implementing security guardrails and automated controls across our AWS-native infrastructure while leading critical compliance certifications including IRAP and SOC 2. This is a unique opportunity to establish security practices in a high-growth healthtech environment, building the roadmap for a future security team while ensuring we meet the rigorous requirements of healthcare and government clients.

Responsibilities

Security Strategy & Leadership
- Define and execute Everlab's end-to-end cyber security strategy across people, process, and technology
- Be the hands-on technical lead for security, while also setting long-term policy and governance direction
- Collaborate closely with DevOps and Engineering teams to design secure infrastructure and deployments
- Define the roadmap for growing a security function with the right mix of engineering, GRC, and operations

Risk Management, Compliance & Accreditation
- Lead and maintain certifications such as IRAP and SOC 2, and prepare for others (e.g. ISO 27001, FedRAMP)
- Build and enforce internal policies, secure coding practices, and third-party risk frameworks
- Manage accreditation processes and coordinate with external auditors

Secure Architecture & Implementation
- Implement guardrails, automated controls, IAM policies, monitoring and alerting directly in AWS (e.g. Fargate, RDS, API Gateway)
- Review and enhance security in CI/CD, container orchestration, source code, and dependencies
- Deploy policy-as-code frameworks for automated compliance validation
- Create security guardrails that guide developers towards secure choices

Monitoring, Detection & Incident Response
- Deploy and manage tooling for real-time threat detection and vulnerability management
- Lead incident response and postmortem processes; improve playbooks, detection rules, and recovery systems
- Simulate attacks or perform internal penetration tests to validate defences
- Build automated incident detection and response capabilities

Stakeholder Engagement & External Representation
- Act as the senior point of contact for all security-related questions from customers, partners, auditors, and government bodies
- Clearly communicate risk posture and mitigation plans to executives and the Board
- Promote security awareness and accountability throughout the company, especially within the product team

What we are looking for
- 7 years of experience in hands-on Information Security roles, ideally within SaaS or technology-driven businesses
- Engineering background with hands-on technical experience (e.g. ex pen tester, security engineer)
- Strong understanding of compliance frameworks such as IRAP, SOC 2, ISO 27001, GDPR, and other data protection regulations
- Hands-on experience managing accreditation processes and audits
- Proven track record in risk management, security operations, and incident response

Technical Skills
- Cloud Security: AWS (Fargate, RDS, API Gateway, IAM)
- Compliance Automation: policy-as-code frameworks, automated audit tools; Vanta experience preferred
- Security Tools: SAST/DAST integration, vulnerability management, threat detection platforms
- Infrastructure: experience with secure AWS-native architectures and SaaS security
- Languages: Python, Go, or similar for security automation and tooling
- CI/CD Security: securing development pipelines and container orchestration

Healthcare & Compliance Knowledge
- Experience with healthcare compliance requirements and data protection regulations
- Understanding of government client requirements and security expectations
- Knowledge of risk assessment methodologies and security frameworks
- Familiarity with Australian healthcare and government regulations (preferred)

Leadership & Communication Skills
- Exceptional communication skills, with the ability to engage technical and non-technical stakeholders
- Experience working with government clients highly desirable
- Ability to translate complex security concepts into business language
- Track record of building security culture and awareness programs
- Experience setting up security programs from scratch

What we offer in return
- Hybrid working with 2-3 days a week in the office and flexibility for appointments, school drop-offs etc.
- You go through the Everlab health program for free, for your health benefit but also so you experience the product like a customer
- Equity (ESOP)
- A company culture of highly motivated and driven people who all want to work with the best and be part of building something meaningful
- Opportunity to build and lead a security function from the ground up
- Direct impact on protecting healthcare data and enabling accessible healthcare technology