Senior Platform & Security Engineer in Philadelphia, Pennsylvania at HLH Holdings LLC dba Highlight Health

Salary: $130000
Job Function: Engineering
HLH Holdings LLC dba Highlight Health
Philadelphia, Pennsylvania, 19106, United States

Job Description

Overview

Highlight Health is a mission-driven company that protects consumer rights and controls healthcare costs exclusively for self-funded employers and their stop loss carriers. We are a profitable, fast-growing company without private equity investors.

We are currently building a sophisticated, proprietary Claims Intelligence Platform — a system of record handling protected health information (PHI) and generating financial recommendations with real-world legal and economic weight. Security, compliance, and platform reliability are not afterthoughts here; they are first-class engineering concerns.

We are looking for a Senior Platform and Security Engineer to own the Azure infrastructure, IT operations, and technical implementation of security controls that underpin this platform. This is a hands-on individual contributor role with a potential path toward team leadership as the company grows. You will work closely with the engineering team on platform changes and directly with leadership on SOC 2 Type 2 and HIPAA audit preparation.

If you want technical ownership of a platform where the stakes are real and the work is consequential, we would love to hear from you.

Essential Duties and Responsibilities

Azure Platform Ownership

  • Own infrastructure for all Azure resources across development, UAT, and production environments
  • Manage and evolve Azure DevOps pipelines for build, test, and deployment
  • Operate Azure Container Apps, App Service, Service Bus, Azure Database for PostgreSQL Flexible Server, Blob Storage, and supporting services
  • Maintain Azure Key Vault including secrets rotation and enforcement of least-privilege access
  • Configure and tune Application Insights and Log Analytics, including PHI-safe logging pipelines that prevent sensitive data from appearing in telemetry

Security Controls and Compliance

  • Implement and maintain technical controls in support of SOC 2 Type 2 and HIPAA compliance programs
  • Administer Entra ID including conditional access policies, MFA enforcement, group lifecycle management, and identity governance
  • Partner with leadership on audit preparation, evidence collection, and control documentation
  • Contribute to incident response readiness, including tabletop exercises and runbook development
  • Manage logging and alerting functions through Microsoft Purview and Microsoft Sentinel, including alert tuning, analytics rules, and data connector configuration
  • Maintain and improve the organization’s security posture through vulnerability management, access reviews, and security monitoring

IT Operations

  • Own Office 365 administration, SharePoint configuration, and SaaS tool management for the organization
  • Serve as the internal technical authority on endpoint security, device management, and employee access provisioning
  • Evaluate and onboard new tooling as the company scales, with a bias toward security and operational simplicity

The Technical Environment

  • Infrastructure: Azure Container Apps, Azure App Service, Azure Service Bus, Azure Database for PostgreSQL Flexible Server, Azure Blob Storage
  • Security and Identity: Azure Key Vault, Microsoft Entra ID, Microsoft Defender, Azure Policy
  • Observability and Security Operations: Application Insights, Log Analytics Workspaces, Microsoft Sentinel, Microsoft Purview
  • CI/CD: Azure DevOps pipelines
  • Productivity: Microsoft 365, SharePoint, Teams
  • Compliance targets: SOC 2 Type 2, HIPAA

Experience and Qualifications

  • 7–10 years in cloud platform engineering, DevOps, or infrastructure security
  • Hands-on production Azure experience across the full service lifecycle, not just resource provisioning
  • Practical experience implementing technical controls for HIPAA and SOC 2 Type 2
  • Fluent in Entra ID: conditional access, MFA, role assignments, and identity governance
  • Applies appropriate safeguards for protected health information, including PHI-safe logging pipelines, data isolation, and least-privilege access controls
  • Comfortable owning IT operations end-to-end: M365, SaaS administration, and employee access management included
  • Brings a point of view. This role requires someone who assesses the environment, identifies gaps, and recommends a path forward
  • Energized by doing the work. This is a hands-on role with full ownership of the platform and security posture
  • Healthcare or regulated industry background is a genuine advantage
  • Comfortable incorporating AI-assisted tools and workflows into day-to-day work to improve speed and quality

Job Location

Philadelphia, Pennsylvania, 19106, United States
