Information Security Engineer

Virta is the first company with a clinically-proven treatment to safely and sustainably reverse type 2 diabetes and other chronic metabolic diseases without the use of medications or surgery. Our innovations in nutritional biochemistry, data science and digital tools combined with our clinical expertise are shifting the diabetes treatment paradigm from management to reversal. Our mission - to reverse type 2 diabetes in 100 million people by 2025.

Virta is the custodian of sensitive private information about our patients. This is a weighty responsibility and we take it extremely seriously. Security and confidentiality are at the heart of all our technical and human processes and procedures, and we’re looking to hire a talented, dedicated information security expert to help us maintain and improve the strongest possible security posture to protect our patients’ and our own internal data.

As a key member of our growing information security team, you will have a hand in all of Virta’s infosec initiatives, from policy writing to managing audits and remediation. You will work closely with our engineering, IT, operations, and G&A teams to ensure that we meet and exceed compliance requirements for HIPAA, SOC2, and HITRUST at all levels of our business: information system design, automated security monitoring, vendor selection, workforce awareness and training,


  • Hands-on experience designing and implementing HIPAA and/or SOC2 compliance programs
  • Demonstrated experience with information security design principles like zero-trust, security in depth, least-access principle
  • In-depth technical knowledge of secure system design (firewalls, packet filtering, routing, encryption, network design and protocols, etc.) and IT (MDM, endpoint protection, DLP)
  • Exceptional written communication skills and attention to detail


  • Take on existing, and design new, infosec practices to ensure we meet or exceed all compliance requirements
  • Manage compliance audits with third-party firms
  • Review and improve our infrastructure and software development with the engineering team to implement security in depth, best practices, and technical controls
  • Help train our workforce in our security policies and procedures
  • Design, improve, and exercise logging and auditing to ensure full auditability of all our systems

90 Day Plan

Within your first 90 days at Virta, we expect you will do the following:

  • Gain a full understanding of Virta’s information systems, policies, and procedures
  • Work with Virta’s head of security; IT, operations and engineering staff; and third-party vendors to implement SOC2 controls for certification in 2019
  • Drive and participate in Virta’s regular information security practices to ensure our systems are and remain secure
  • Establish relationships with non-engineering teams to build trust and help all of Virta maintain and improve its security posture in everything we do

Values-driven culture

Virta’s company values drive our culture, so you’ll do well if:

  • You put people first and take care of yourself, your peers, and our patients equally
  • You have a strong sense of ownership and take initiative while empowering others to do the same
  • You prioritize positive impact over busy work
  • You have no ego and understand that everyone has something to bring to the table regardless of experience
  • You appreciate transparency and promote trust and empowerment through open access of information
  • You are evidence-based and prioritize data and science over seniority or dogma
  • You take risks and rapidly iterate

