Parachute Health is transforming post-acute care as the leading digital ordering platform for medical equipment and supplies. We connect major health systems, health plans, and suppliers to help patients get the life-saving products they need at home. Since launching, we've connected 300,000+ clinicians and 3,000+ supplier locations across all 50 states and helped 15M+ patients. What started as a DME ePrescribing tool has become the order management platform of choice for home medical equipment.
Join our team and make a difference in patient care.
You'll be the software engineer embedded in Parachute Health's IT & Security team, building the internal platforms, automations, and AI-powered workflows that keep our healthcare technology environment secure, compliant, and operationally efficient.
You'll write code that touches on identity, endpoint, network, cloud security, compliance, evidence collection, and incident response in an environment governed by HITRUST, SOC 1, and SOC 2.
ResponsibilitiesInternal tooling & automation
- Design, develop, and maintain internal applications and automations that eliminate manual IT/Security work, including provisioning, access reviews, compliance evidence collection, audit preparation, and ticket triage.
- Develop and maintain integrations across the security and IT stack, including Okta, Zscaler, Splunk/Wazuh, Lacework, Drata, Datadog, AWS, GCP, GitHub, and n8n.
- Package, deploy, and operate IT/Security tooling using Parachute's standard deployment patterns and observability stack.
AI & agentic workflows
- Architect agentic AI workflows for IT and Security operations, including automated alert triage, log correlation, root-cause analysis, guided remediation, access-review automation, and audit evidence collection.
- Build the context layer (MCP servers, retrieval pipelines, and embeddings) that grounds AI agents in Parachute-specific systems, policies, and runbooks.
- Drive AI adoption across the IT/Security team through pairing, architecture reviews, and reusable skills/plugins/workflows.
- Build an MCP-based agent that automates audit evidence collection from multiple sources
- Replace manual access-review workflows with an agentic pipeline
Security
- Develop, tune, and maintain SOAR/SIEM detections, dashboards, and correlation rules in Splunk/Wazuh.
- Support threat hunting, incident investigation, pen test, and/or red teaming, and forensic analysis with custom tooling and queries (Redshift, BigQuery, log platforms)
- Apply MITRE ATT&CK, NIST CSF, and HITRUST CSF to guide detection engineering and control implementation.
- Contribute to SOC runbooks, SOPs, and automation playbooks (SOAR).
Security audits & reliability
- Automate compliance evidence collection and control validation across SOC 2, HITRUST CSF, HITRUST AI, and HIPAA.
- Participate in an on-call rotation for IT/Security incidents; contribute to post-incident reviews and continuous improvement.
- Maintain stable, performant, and auditable internal application stacks.
- 2+ years of writing production code in a web-based environment.
- Professional experience with Ruby on Rails, and/or Python, and/or JavaScript/TypeScript (React, Node.js).
- Hands-on experience with AWS (IAM, EC2, ECS/EKS, S3, RDS, Lambda) and infrastructure-as-code.
- Demonstrated experience integrating with REST/GraphQL APIs and building automations across SaaS platforms.
- Working knowledge of at least one compliance framework - SOC 2, HITRUST, HIPAA, ISO 27001, or NIST.
- Security-first mindset: you think about least privilege, secrets handling, PHI exposure, and audit trails by default.
- Strong fundamentals in data structures, design patterns, and TDD.
- Must reside in the U.S.
- Experience building agentic AI systems in production - agent architectures, tool integration via MCP, retrieval-augmented generation, evaluation frameworks.
- Experience setting up AI development environments and driving AI adoption across a technical team.
- Familiarity with our stack: Okta, ZScaler, Splunk/Wazuh, Lacework, Drata, Datadog, n8n workflows and/or Argo workflows.
- SIEM detection engineering or SOC tooling experience (Splunk SPL, Wazuh rules, Sigma).
- Healthcare technology background - exposure to HIPAA, PHI handling, or DME workflows.
- Security or cloud certifications (CCA-F, CISSP, CCSP, AWS Security Specialty, OSCP).
- Experience as a technical lead bridging IT, Security, Engineering, and Compliance stakeholders.
- Proficient in SQL (Redshift, BigQuery) for forensic and operational analytics.
Benefits
- Medical, Dental, and Vision Coverage: Comprehensive plans with options for low-to-no-cost premiums.
- Employer HSA Contribution: Company-funded contributions to your Health Savings Account.
- 401(k) Retirement Plan
- Equity Incentive Plan
- Annual Company-Wide Bonus: Opportunity for up to 15% bonus based on company performance.
- Remote-First Culture: We are remote-first with a dedicated NYC office and reimbursement options for co-working spaces.
- Flexible Vacation Policy
- Summer Fridays: 5 additional Fridays off during the summer (separate from PTO).
- Home Office and Wellness Stipend
- Monthly Internet Stipend
- Annual Learning and Development Stipend
Base Salary Band (based on experience and level)
$80,000 - $120,000
California job applicants may access the Notice of Collection of Personal Information and Privacy Policy with information and rights required by the California Privacy Rights Act (CPRA) the link here.
We are proud to be an equal opportunity employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth related medical conditions and lactation), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, disability, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances.
This role is not eligible for employer visa sponsorship. Applicants must be legally authorized to work in the United States at the time of application and for the duration of employment. The Company does not sponsor employment authorization for this position.
Skills Required
- 2+ years of writing production code in a web-based environment
- Professional experience with Ruby on Rails, and/or Python, and/or JavaScript/TypeScript (React, Node.js)
- Hands-on experience with AWS (IAM, EC2, ECS/EKS, S3, RDS, Lambda)
- Demonstrated experience integrating with REST/GraphQL APIs and building automations across SaaS platforms
- Working knowledge of at least one compliance framework - SOC 2, HITRUST, HIPAA, ISO 27001, or NIST
- Security-first mindset
- Strong fundamentals in data structures, design patterns, and TDD
What We Do
Nearly half of patients needing medical equipment at discharge don’t get it in time. The ordering process is too convoluted and is still primarily handled by fax. These inefficiencies lead to higher cost of care and poorer patient outcomes. In the most extreme cases, this equipment means life or death. At Parachute Health, it is our mission to make sure that every patient gets what they need, when they need it. We achieve this by driving efficiency through digital connectivity into every aspect of the ordering process, making it delightfully simple.
Why Work With Us
Working at Parachute Health means you'll be part of a collaborative environment where your contributions directly impact patient care and the efficiency of the healthcare system. You'll tackle challenging problems, utilize modern tech stacks, and enjoy a culture that prioritizes innovation, transparency, and growth.
Gallery
