Senior Software Engineer, Security

Heartflow is a medical technology company advancing the diagnosis and management of coronary artery disease, the #1 cause of death worldwide, using cutting-edge technology. The flagship product—an AI-driven, non-invasive cardiac test supported by the ACC/AHA Chest Pain Guidelines called the Heartflow FFR CT Analysis—provides a color-coded, 3D model of a patient’s coronary arteries indicating the impact blockages have on blood flow to the heart. Heartflow is the first AI-driven non-invasive integrated heart care solution across the CCTA pathway that helps clinicians identify stenoses in the coronary arteries (RoadMap™Analysis), assess coronary blood flow (FFR CT Analysis), and characterize and quantify coronary atherosclerosis (Plaque Analysis). Our pipeline of products is growing and so is our team; join us in helping to revolutionize precision heartcare.

Heartflow is a publicly traded company (HTFL) that has received international recognition for exceptional strides in healthcare innovation, is supported by medical societies around the world, cleared for use in the US, UK, Europe, Japan and Canada, and has been used for more than 400,000 patients worldwide.

The Heartflow Information Security team is responsible for security across our corporate and product environments, protecting our patient data and medical device ecosystem. We are looking for a builder that loves the challenge of creating reliable security infrastructure that provides a secure happy path and enables teams to build life-saving products.

The initial focus will be on customizing security detection and automating response but the portfolio of tools and projects spans our cloud infrastructure and will include automation of reporting and compliance.

What You’ll Do:

• Develop security monitoring and alerting systems for Heartflow’s global corporate and production systems.


• Build and administer security tooling through a combination of AWS infrastructure, customization and integration with vendors.


• Collaborate with the Heartflow Platform and SRE teams to implement security strategy for Heartflow’s cloud infrastructure.


• Actively participate in Heartflow’s security incident response process.


• Drive automation of manual security processes for compliance and reporting.

What You Bring:

• Able to demonstrate a track record of driving improvements to a company’s infrastructure security posture.


• Security Communication – Ability to reason about risk in complex environments and communicate that risk to technical and non-technical audiences.


• Programming Skills – Experience delivering automation and integration projects, preferably in Python.


• Infrastructure as Code & Cloud – Familiarity with AWS (or equivalent cloud providers) and configuration tools (Terraform, Chef, Ansible). Experience with containerization (Docker, Kubernetes) and orchestration (GitHub Actions or similar).


• Education & Experience – BS in Computer Science (or related degree) or relevant certifications and equivalent experience. 4+ years experience as a software engineer in an information security or infrastructure engineering discipline.


• Regulated Environment Readiness – Understanding of—or willingness to learn—compliance, documentation, and quality requirements in medical or similarly regulated fields.

What Helps You Stand Out:

• Healthcare Experience – Current knowledge of HIPAA, HITRUST and the complexities of working in a regulated environment. Experience with Software as a Medical Device (SaMD) is especially valuable.


• Experience leveraging AI in security detection and response – Like all security teams, we want to leverage the latest technologies in a responsible and thoughtful manner.

A reasonable estimate of the base salary compensation range is $160,000 to $210,000 per year.

Heartflow is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at Heartflow, including recruitment, hiring, training, relocation, promotion, and termination.

Positions posted for Heartflow are not intended for or open to third party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals.

Heartflow has become aware of a fraud where unknown entities are posing as Heartflow recruiters in an attempt to obtain personal information from individuals as part of our application or job offer process. Before providing any personal information to outside parties, please verify the following: A) all legitimate Heartflow recruiter email addresses end with “@heartflow.com” and B) the position described is found on our careers site at .