Software Engineer, IT and Security
Software Engineering, IT
New York, NY, USA
USD 80k-120k / year + Equity
Parachute Health is transforming post-acute care as the leading digital ordering platform for medical equipment and supplies. We connect major health systems, health plans, and suppliers to help patients get the life-saving products they need at home. Since launching, we've connected 300,000+ clinicians and 3,000+ supplier locations across all 50 states and helped 15M+ patients. What started as a DME ePrescribing tool has become the order management platform of choice for home medical equipment.
Join our team and make a difference in patient care.
About the Role
You'll be the dedicated software engineer embedded in Parachute Health's IT & Security team, writing the code that runs our internal operations. You'll build internal applications, automation services, and AI agents that replace manual work across identity, endpoint, cloud security, compliance, and incident response - in an environment governed by HIPAA, SOC 1, SOC 2, and HITRUST.
What you'll build
Concrete projects on the roadmap for your first year:
- A self-service access portal (React + Node.js + Okta API) that lets employees request app and AWS access, routes for approval, and provisions automatically.
- An automated user lifecycle service (Python) that listens to HR webhooks and orchestrates Okta, AWS, GitHub, and SaaS provisioning/deprovisioning end-to-end.
- An audit evidence collection service (Python) that pulls evidence from 30+ systems (AWS, GitHub, Okta, Drata, Splunk) on a schedule and writes structured evidence into our compliance platform.
- An alert enrichment pipeline (Python) that takes raw security alerts, queries context from logs/CMDB/HR systems, and writes back enriched, triaged tickets.
- AI agents and MCP servers (Python, TypeScript) - agents built on the Anthropic API that safely read from and act on our internal systems: running access reviews, drafting compliance evidence, triaging tickets.
- Detection-as-code in Splunk SPL / Wazuh rules / SQL that turns log data into actionable alerts.
- n8n workflows for simpler integrations where a full service isn't justified - you'll pick the right tool for the job.
Tech stack
- Languages: Python (primary), TypeScript/Node.js, SQL, Bash
- Cloud: AWS (Lambda, ECS, EKS, S3, RDS/Aurora, IAM, Secrets Manager), GCP (BigQuery)
- Data: Redshift, BigQuery, Postgres
- AI / agents: Anthropic API, Model Context Protocol (MCP), retrieval/embeddings, eval frameworks
- IT & Security integrations: Okta, ZScaler, Splunk, Wazuh, Lacework, Drata, Datadog, GitHub, n8n
- Deployment: GitHub Actions, ArgoCD, EKS (consumed via Parachute's existing platform)
- Observability: Datadog, Splunk
Requirements
- Minimum 2 years of professional software engineering experience in a production web environment.
- Strong professional experience in Python or TypeScript/Node.js. Bonus if both.
- Comfort writing SQL against real production datasets.
- Hands-on experience with AWS (IAM, Lambda/ECS/EKS, S3, RDS) and Infrastructure-as-Code.
- Experience integrating with REST/GraphQL APIs and webhooks across SaaS platforms.
- Strong fundamentals: data structures, design patterns, testing, code reviews.
- Security-first mindset: you think about least privilege, secrets handling, PHI exposure, and audit trails by default.
- Working knowledge of at least one compliance framework - SOC 2, HITRUST, HIPAA, ISO 27001, or NIST.
- Must reside in the U.S.
Nice to have
- Experience building AI agents or LLM-powered tools in production — agent architectures, tool integration, MCP, retrieval-augmented generation, eval frameworks.
- Experience driving AI adoption across a technical team (pairing, demos, reusable skills/plugins).
- Familiarity with our stack: Okta, ZScaler, Splunk/Wazuh, Lacework, Drata, Datadog, n8n.
- SIEM detection engineering (Splunk SPL, Wazuh rules, Sigma).
- Experience with Kubernetes (EKS), GitOps (ArgoCD), or service mesh (Istio with OIDC/JWT).
- Healthcare technology background - exposure to HIPAA, PHI handling, or DME workflows.
- Security or cloud certifications (CISSP, CCSP, AWS Security Specialty, GCIH, OSCP).
- Professional experience with Ruby on Rails (Parachute's primary product stack — useful for cross-team collaboration).
- Experience as a technical lead bridging IT, Security, Engineering, and Compliance stakeholders.
What a typical week looks like
- Review, write, and ship code - Python services, TypeScript tools, SQL queries, agent definitions.
- Pair with security analysts and IT engineers to translate operational pain into shipped automation.
- Design and build APIs, schedulers, and event-driven services that integrate across our SaaS stack.
- Write tests, dashboards, and runbooks for everything you ship.
- Participate in an on-call rotation for the IT/Security tooling you own (not the customer-facing platform).
- Sit in on architecture reviews and incident response.
Benefits
- Medical, Dental, and Vision Coverage: Comprehensive plans with options for low-to-no-cost premiums.
- Employer HSA Contribution: Company-funded contributions to your Health Savings Account.
- 401(k) Retirement Plan
- Equity Incentive Plan
- Annual Company-Wide Bonus: Opportunity for up to 15% bonus based on company performance.
- Remote-First Culture: We are remote-first with a dedicated NYC office and reimbursement options for co-working spaces.
- Flexible Vacation Policy
- Summer Fridays: 5 additional Fridays off during the summer (separate from PTO).
- Home Office and Wellness Stipend
- Monthly Internet Stipend
- Annual Learning and Development Stipend
Base Salary Band (based on experience and level)
$80,000 - $120,000
California job applicants may access the Notice of Collection of Personal Information and Privacy Policy, with information and rights required by the California Privacy Rights Act (CPRA), at the link here.
We are proud to be an equal opportunity employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth related medical conditions and lactation), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, disability, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances.
This role is not eligible for employer visa sponsorship. Applicants must be legally authorized to work in the United States at the time of application and for the duration of employment. The Company does not sponsor employment authorization for this position.