Principal Information Security Engineer
Gravie
IT
Minneapolis, MN, USA
USD 169,200-282,000 / year
Posted on Oct 15, 2025
Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.
A Little More About the Role:
We’re looking for a Principal Information Security Engineer (Generalist) who will be responsible for assisting with all aspects of Gravie’s comprehensive Information Security Program. You will be given a great deal of freedom, opportunity, responsibility, and autonomy as an early hire on our growing Information Security Team. You will be involved with evolving multiple security programs such as Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering and Security Operations. You will be a technical, engineering, and operational subject matter expert across the full spectrum of security programs at Gravie, while also having the opportunity to specialize your role and own individual programs.
The ideal candidate will possess sufficient technical breadth and depth coupled with an ability to lead, communicate effectively, and build relationships. Additionally, the ideal candidate will be exceptionally motivated, eager to learn and make an impact across multiple security verticals while also being comfortable taking initiative and working through ambiguous situations in an environment where excellence is expected.
You will:
· Assist the Chief Information Security Officer with all aspects of Gravie’s Information Security Program (Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering, Security Operations, etc.)
· Develop your expertise and own entire verticals within our Information Security Program
· Build a comprehensive Application Security Program and/or Vulnerability Management Program with a high degree of autonomy and creativity
· Provide strategic input and be a stakeholder in how the security program evolves
· Conduct outreach efforts and present on security topics internally at Gravie
· Build relationships and collaborate with system owners to identify, track and remediate system and/or software vulnerabilities
· Contribute to incident response efforts and support the evolution of our Security Incident Response Plan (SIRP)
You bring:
· A track record of execution and delivery showing initiative, creativity and reliability
· Strong verbal and written communication skills with an ability to elegantly convey complex topics and build consensus with stakeholders at all levels
· Deep expertise in at least one of our security verticals, with experience in a few
Extra credit:
· Experience on a small, high-performing team with a wide range of responsibilities
· AWS expertise with a mastery of modern cloud security/engineering topics
· Development/Application Security background with an ability to create and lead an Application Security Program, lead a public Bug Bounty Program and be a go-to resource and security liaison for our Product Team
· Experience building and running a comprehensive Vulnerability Management Program in a modern cloud environment.
· Experience as an Incident Commander responsible for leading incident response efforts
· Experience with GRC security functions related to HIPAA, SOC 2 and NIST.
· Bachelor’s degree in Computer Science, Engineering, or a related field
Gravie:
In order to transform health insurance and build a health plan everyone can love, we need talented people doing amazing work. In exchange, we offer a great overall employee experience with opportunities for career growth, meaningful mission-driven work, and an above average total rewards package.
The salary range for this position is $169,200 - $282,000 annually. Numerous factors including, but not limited to, education, skills, work experience, certifications, etc. will be considered when determining compensation.
Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard health and wellness benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, up to 16 weeks paid parental leave, paid holidays, a 401k program, transportation perks, education reimbursement, and 1 week of paid paw-ternity leave.
A Little More About Us:
· We know healthcare. Our company was founded and is still led by industry veterans who have started and grown several market-leading companies in the space.
· We have raised money from top-tier investors who share the same long-term vision as we do of building an industry-defining company that will endure over the long run. We are well capitalized.
· Our customers like us. Our revenue churn is in the low single digits, in an industry where greater than 20% churn is common.
· Our culture is unique. We tend to be non-hierarchical, merit-driven, opinionated but kind people who thrive working in a high-performance, fast-paced environment. People at Gravie care deeply about making a positive impact in the lives of the people we serve. We may not be the right place for everybody, but if you get energized by doing work every day that focuses on putting consumers at the front of the line, we could be a great place for you. It takes unique people and diverse perspectives to deliver our results. We encourage you to be your authentic self – we like you that way.