leagueinc
Staff Security Engineer
At a Glance
- Location: Canada
- Experience: 8+ years
- Posted: 2026-02-05T14:58:51-05:00
Key Requirements
Required Skills
Domain Knowledge
- Automation
- Engineering
- Regulatory
Requirements
8+ years of progressive experience in security engineering, with at least 2 years operating at the Senior or Principal Engineer level.
Deep expertise in cloud security architecture (AWS, GCP, or Azure), focusing on securing containerization (Kubernetes), cloud IAM, and infrastructure as code (Terraform).
Proven track record of successfully leading and delivering large-scale, cross-organizational security initiatives from concept through production deployment.
Ability to write secure, production-grade code in languages like Python, Go, Java, or TypeScript to build automation tools and scalable security services.
Demonstrated experience designing and implementing controls and architectural mandates to achieve and maintain compliance with HIPAA or HITRUST.
Mastery of application security, including secure development lifecycle (SDLC) integration, authentication/authorization protocols (OAuth, OIDC), and common attack vectors.
Responsibilities
League’s security engineering teams are responsible for scaling security in the development lifecycle and vulnerability management.
We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to ultimately make it easier for our engineers to do the right thing.
Security is everyone’s responsibility, but security engineering is how we make it possible for engineers to ship high-quality code to production several times per day with security baked in.
As a Staff Security Engineer at League, you will be a principal technical leader helping to set the long-term security architecture and strategy across our entire platform, infrastructure, and engineering organization.
You will define the "paved road" by designing common security components, frameworks, and reference architectures that make it nearly impossible for engineers to ship insecure code.
You are expected to not only execute but also to help define the technical strategy for scaling security by design across a high-growth health tech environment.