Security Engineer Intern

Notable is the leading healthcare AI platform for transforming workforce productivity. Health systems, hospitals, and payers use Notable to improve healthcare quality, close gaps in patient care, drive member enrollment, and patient acquisition, retention, and reimbursement, scaling growth without hiring more staff.

We are on a mission to improve the lives of patients, staff, and clinicians - to improve healthcare for humanity. This isn't just a lofty goal - it's something we're achieving every single day. When you join Notable, you become part of a force actively transforming healthcare. Our aim to impact 100 million patients isn't just a number; it's a commitment to creating meaningful change on a massive scale.

Therefore, our culture is purposeful in pursuit of this mission. We believe our culture gives each person the opportunity to do the best work of their lives, work with the best teammates, and have fun achieving great things together.

Role Summary:

Notable is transforming healthcare with intelligent automation. As a Security Engineer Intern, you will help design, build, and automate controls that protect our platform and data, partnering closely with Security, Infrastructure, and Product Engineering.

What You’ll Do:

• Build and automate security controls and guardrails in collaboration with Security and Infra (examples: IaC policy checks, least‑privilege baselines, automated secrets detection in CI/CD).

• Create or tune detections and response playbooks for key risks; validate via simulation and document runbooks.

• Contribute to secure-by-default developer workflows (pre-commit hooks, SAST/DAST pipelines, dependency scanning) and help triage/track findings to closure.

• Implement small, measurable improvements to cloud security posture (e.g., misconfiguration checks, logging/telemetry coverage, tagging/ownership hygiene).

• Write clear documentation and operational SOPs for what you build; hand off with measurable acceptance criteria.

• Partner on security reviews for low-to-medium risk changes and help track mitigations.

You’re a Great Fit if:

• You’ve built things: coursework or projects in security engineering, cloud, or DevSecOps; comfortable reading code and automating with at least one language (Python, Go, or similar).

• Familiar with common security domains such as cloud security (GCP/AWS/Azure), identity and access management, CI/CD security, container/Kubernetes basics, or detection engineering.

• You love to automate, measure outcomes, and leave systems better documented than you found them.

• Strong communicator; can turn ambiguous problems into a small, shippable plan with milestones.

Nice to Have:

• Hands-on with infrastructure-as-code (Terraform), policy-as-code (OPA/Conftest), and CI systems (GitHub Actions, GitLab, or similar).

• Experience with log pipelines and SIEM/analytics tools; basic detection authoring.

• Familiarity with secure software development practices and OWASP Top 10.

• Exposure to healthcare, regulated environments, or privacy-centric design.

#LI-TD1

We value in-person collaboration and connection. For Bay Area–based employees, this role requires being in our San Mateo office at least three days a week. For remote employees, occasional travel to headquarters is expected for company-wide events and onsite gatherings.

Beware of job scam fraudsters! Our recruiters use @notablehealth.com email addresses exclusively. We do not conduct interviews via text or instant message, to purchase equipment through us, or to provide sensitive personally identifiable information such as bank account or social security numbers. If you have been contacted by someone claiming to be a recruiter from Notable from a different domain about a job offer, please report it as potential job fraud to law enforcement and contact us here.