Who We Are At Elemy: 

Elemy is a tech-forward provider of pediatric therapy across the United States. We believe that families, clinicians, and insurers all deserve a better healthcare experience, so we built one.

Backed by General Catalyst, Felicis Ventures, Founders Fund, & others. Our mission is to provide personalized, technology-empowered care for children with autism in the environment best suited to help them grow and thrive — the home. We’re looking to rapidly grow our team with values-driven, diverse, caring professionals to help us improve autism care. . 

About The Role: 

The Elemy Security and Trust team is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust security and compliance program that carefully considers data protection matters across all our products and offerings, including the data submitted by customers, partners, and employees to our services. Our business is built on trust and security and making sure all our customers trust us to offer great autism care while safeguarding all of their data.

In cloud first environments we have to assume that the perimeter is fluid, and we cannot assume safety. At Elemy we are embracing a modern Zero Trust posture where we continuously want to assess and identify that the right people have the right level of access to the right resources in the right context with the least performance impact and least friction for all involved. 

Do you have a passion for SaaS and cloud security? Are you skilled at detecting attackers and protecting cloud infrastructures and SaaS applications? We at Elemy need a Director to organize, lead, and manage our security engineering and operations team and help us protect our company and our customers. 

In this role you will bring your leadership and technical expertise to develop, own, manage, and improve the technical security controls that protect our infrastructure, products, services, and data. This role blends security leadership, engineering and analytical skills. We need you to help design, specify, deploy and operate the solutions that protect our products from attack as well as detect and respond to alerts warning of possible anomalous behavior or vulnerabilities in our systems. You will be responsible for improving our information security operations program, including working with other engineering teams to integrate security monitoring into their flows and processes. 

You must be comfortable working with cloud technologies and how to best leverage the security features provided by our cloud service provider or by choosing our own. You must lead by example and have experience leading high performing teams.


In this role, you will be working with management, technical leaders and engineers, compliance director, external auditors, and at times, directly with our customers and partners.

  • Technical Fluency - A passion for cybersecurity and technology, familiarity with infrastructure as software, container and microservices architectures.
  • Advisory Skills - Giving direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams with which they engage.
  • Execution - Planning, coordination, managing dependencies and risks, diving deep when issues arise.
  • Communications - This role requires someone who has strong both written and verbal skills, given the sheer number and diversity of touchpoints you will be interacting with.



  • Provide leadership, guidance, and management of the Elemy Security Engineering and Operations team. Create and implement programs that develop the skills of our existing engineers and attract new talent as Elemy grows.
  • Help design and evolve the security operations program to continuously improve Elemy’s ability to effectively detect and respond to new threats. Partnering with engineering teams to design, build, select and implement effective technical security controls to detect and alert on security events across the Elemy infrastructure and protect the Elemy platform and customers.
  • Providing security technical leadership to set requirements and help other teams understand and meet their security obligations to make good risk-based decisions.
  • At least initially, while the team is in its formative stages,  writing code where needed to automate controls and to deploy new security capabilities.
  • Identifying gaps in coverage of the Elemy security controls and working across teams to specify and deploy improvements that address these gaps.
  • Selecting and/or creating specific applications and functions that integrate with the Elemy platform and build systems that provide the right detective controls that alert on suspicious or anomalous behaviors or vulnerabilities.
  • Participating in and helping lead information security response activities across Elemy and its products.
  • Developing and implementing solutions to collect, transport, and process security data to support risk-based decision making.
  • Integrating security monitoring and measurements that enable engineering teams to quickly spot potential problems and respond to security events within their DevOps processes.
  • Scheduling and interpreting the results of penetration test results and other technical audits and working across teams to champion and implement reasonable mitigations and remediations.
  • Using DevOps tooling and processes to implement security remediations.
  • Creating data flow diagrams and threat models that guide design recommendations.
  • Translating security requirements and obligations into effective security controls.
  • Providing security subject matter expertise and training to teams across the company.
  • Ensuring cross company support for all aspects of security by establishing partnerships with other Elemy teams with the overarching goal of improving trust of Elemy and its products.


Qualifications & experience

  • A minimum of 8 years of experience in a cloud security and information security engineering role. Specifically:
    • 8+ years of information security, and information technology experience
    • 3+ years managing technical teams
    • 4+ years in a technical leadership role.
    • 3+ years in an engineering role designing and supporting public clouds such as AWS, GCP, or Azure.
  • Experience with public cloud security architecture and solutions including but not limited to Network security, segmentation, micro-segmentation strategy, design, and implementation
  • Understanding and delivery experience with leading security frameworks (i.e., National Institute of Standards and Technology (NIST) Cybersecurity (CSF), Zero Trust, etc.)
  • Experience with design, implementation, configuration, and integration of security products from vendors such as Palo Alto Networks, ZScaler, Crowdstrike, Google BeyondCorp, Microsoft, Cisco, Fortinet, Okta, VMWare, Illumio, Guardicore, Hashicorp, cloud SIEMs like Sumo Logic or Splunk is a definite plus. 
  • Experience creating, implementing, and managing technical information security controls including developing or leading security incident response processes and teams.
  • Cybersecurity related certifications (e.g., GSEC, GCIH, CEH, GCIA, CISSP or CISM) are a plus
  • Deep understanding as well as working knowledge of NIST 800-171 and the Cybersecurity Maturity Model Certification and of other security frameworks and processes - CIS, NIST, PCI/DSS, etc.
  • Familiarity and experience with other compliance frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, and GDPR/CCPA/Privacy Shield
  • Depth of experience with multiple security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, CASB, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions, and automation.
  • Demonstrated capability to design, deploy, operationalize and automate secure and highly scalable enterprise systems on public cloud - AWS, Azure or Google Cloud.
  • Experience with secure software development, data protection, cryptography, key management, identity and access management (IAM), network security (VPNs) within cloud environments.
  • Understanding of authentication, federation and authorization frameworks and protocols, e.g. OAuth/OpenID/SAML 20.0/FIDO and commercial offerings such as Okta or Azure AD.
  • Experience supporting engineers building applications and security tooling using primary AWS services such as: VPC, EC2, ELB/ALB, RDS, Route53, S3, Lambda and IAM a definite plus.
  • Good working knowledge of other AWS services such as: CloudTrail, CloudWatch, GuardDuty, Inspector, AWS Certificate Manager, AWS WAF & Shield, Key Management Service (KMS), VPC Flow Logs, Macie is a definite plus.
  • Experience with container technology security is a definite plus (Docker, Kubernetes, etc.).
  • Experience conducting cloud infrastructure security assessments.
  • Automation knowledge (Python, Golang, and bash scripting) & experience in hardening Linux, Windows, and/or Mac systems.
  • Knowledge and experience of vulnerability scanning tools (Qualys, Nessus).
  • Experience in architecting and developing security solutions on one or more cloud platforms (at a minimum AWS and/or GCP proficiency) and applying the cloud native security services.
  • Experience automating AWS services to support information security goals and missions.
  • Direct experience working with SaaS cloud based applications in AWS or Azure.
  • Experience defining and implementing security controls for containers, microservices, and orchestration software is also a plus.
  • Experience identifying and collecting the data that supports effective security dashboards that summarize the security health of the environment across multiple security domains (e.g., networking, host, application, identity, etc.). Reinforce a culture of data-driven decision making.
  • Have a history of successful cross-organizational efforts.

At Elemy, we are a globally distributed team with many of our team members located throughout the world, including in the following cities: San Francisco, New York, Los Angeles, Miami, Toronto, Montreal, and Kyiv. While everyone currently works remotely, we envision a future that balances face to face collaboration with a remote friendly environment.

The above job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for the position.

Elemy is an equal opportunity employer that is committed to providing all employees with a work environment free of discrimination and harassment. We celebrate diversity and welcome applicants from every background and life experience. 


Apply for this Job

* Required

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Elemy Autism Care are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.