Staff Software Engineer, Security

Dandy is transforming the massive ($200B) but antiquated dental industry. Backed by some of the world's leading venture capital investors, we are on an ambitious mission to integrate and simplify every function of the dental practice through technology. By building the operating system for every dental office in America, Dandy is empowering dentists with technology, innovation, and world-class support to achieve more for their practice, their people, and their patients.

About the Team

We are offering a distinct opportunity: the chance to be our first dedicated security leader and help establish the formal security and compliance function for our growing dental tech platform.

We have a modern tech stack powering our business, but we need an expert like you to build out the security strategy, mature our processes, implement the right tooling, and foster a strong security culture. This is your opportunity to take a leadership role with high autonomy and resources, integrating best practices within a rapidly growing organization. You'll be a key security authority, tackling crucial challenges around protecting sensitive patient data (HIPAA compliance is critical), securing our cloud infrastructure, and embedding robust security within a fast-paced development lifecycle.

If you're motivated by significant ownership, making a tangible impact quickly by bringing structure and expertise, and building a mature security posture for a growing company poised for significant impact, this role provides that unique combination.

What You’ll Do

• Formalize and lead the end-to-end vulnerability management program, implementing appropriate tools, automation, and remediation processes.

• Establish and manage our security compliance program, ensuring robust adherence to HIPAA and other relevant standards through policy development, assessments, and audits.

• Assess, select, implement, and manage core security infrastructure and tooling tailored to our cloud environment.

• Develop and lead Dandy's security incident response capability, ensuring readiness and effective management.

• Define, own, and drive the company's security strategy and roadmap, acting as the key security voice to engineering and executive leadership.

What We’re Looking For

• 8+ years of progressive cybersecurity experience with a proven track record of leading impactful security initiatives or maturing security programs.

• Deep strategic and hands-on expertise across security domains, especially vulnerability management, compliance (HIPAA expertise highly valued), and cloud/application security.

• Experience assessing existing environments and implementing effective security controls and processes.

• Proven success in leading incident response and conducting thorough risk assessments.

• Strong analytical skills, excellent communication to champion security across the company, and the drive to operate autonomously and build out a critical function.

• Adaptability to apply security principles effectively in a fast-paced, high-growth startup environment.

Bonus Points

• Deep experience within the healthcare technology sector and implementing HIPAA controls.

• Proven experience integrating security effectively into CI/CD and DevSecOps workflows.

• Strong scripting/automation skills (Python, Go, etc.) for security contexts.

• Relevant industry certifications (CISSP, CISM, OSCP, cloud security).

• Experience helping an organization scale its security practices during rapid growth.

For full time positions, we offer a wide range of best in class, comprehensive and inclusive employee benefits including healthcare, dental, parental planning, mental health benefits, a 401(k) plan, and paid time off.

Dandy is proud to be an equal-opportunity employer. We are committed to building a diverse and inclusive culture that celebrates authenticity to win as one. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, disability, protected veteran status, citizenship or immigration status, or any other legally protected characteristics.

Dandy also fully complies with the Americans with Disabilities Act (ADA). We are dedicated to embracing challenges and creating an accessible, inclusive workplace for all individuals. If you require any accommodations for your interview or have any questions beforehand, rest assured that we will do everything we can to meet your needs. Visit Dandy Careers for more!