Senior Security Engineer
Everlab is pioneering the next era of healthcare: proactive, personalised, and, most importantly, accessible to all.
About Us
Everlab is an early-stage HealthTech startup that recently announced a $15m Seed stage round, building tech-enabled healthcare that improves and extends quality of life using cutting-edge medical research and technology. Our products design and coach our members through personalised risk-management and health-optimisation protocols over months and years to measurably improve lives.
Our founding team is experienced in the medical industry, ranging from the preventative health specialist who founded Australia's first full-body MRI clinic to serial entrepreneurs who have scaled unicorns and have $500m+ in exits.
Our mission is to solve high-impact problems in healthcare that have never been tackled before, which isn't easy. We look for people who are excited by this mission and the challenges it brings, as our team is driven to solve these problems together.
Our Engineering team is Sydney-based, with 2-3 days a week in the office in the CBD.
About the role
We're looking for a Senior Security Engineer who will define and execute Everlab's comprehensive cyber security strategy while being the hands-on technical lead for all security initiatives.
Work directly with our Head of Engineering and IT team to build security from the ground up, establishing the foundation for a world-class security program that protects our members' health data and enables sustainable growth.
You'll be instrumental in implementing security guardrails and automated controls across our AWS-native infrastructure while leading critical compliance certifications including IRAP and SOC 2.
This is a unique opportunity to establish security practices in a high-growth healthtech environment, building the roadmap for a future security team while ensuring we meet the rigorous requirements of healthcare and government clients.
Responsibilities
Security Strategy & Leadership
- Define and execute Everlab's end-to-end cyber security strategy across people, process, and technology
- Be the hands-on technical lead for security, while also setting long-term policy and governance direction
- Collaborate closely with DevOps and Engineering teams to design secure infrastructure and deployments
- Define the roadmap for growing a security function with the right mix of engineering, GRC, and operations
Risk Management, Compliance & Accreditation
- Lead and maintain certifications such as IRAP and SOC 2, and prepare for others (e.g. ISO 27001, FedRAMP)
- Build and enforce internal policies, secure coding practices, and third-party risk frameworks
- Manage accreditation processes and coordinate with external auditors
Secure Architecture & Implementation
- Implement guardrails, automated controls, IAM policies, monitoring and alerting directly in AWS (e.g. Fargate, RDS, API Gateway)
- Review and enhance security in CI/CD, container orchestration, source code, and dependencies
- Deploy policy-as-code frameworks for automated compliance validation
- Create security guardrails that guide developers towards secure choices
Monitoring, Detection & Incident Response
- Deploy and manage tooling for real-time threat detection and vulnerability management
- Lead incident response and postmortem processes; improve playbooks, detection rules, and recovery systems
- Simulate attacks or perform internal penetration tests to validate defenses
- Build automated incident detection and response capabilities
Stakeholder Engagement & External Representation
- Act as the senior point of contact for all security-related questions from customers, partners, auditors, and government bodies
- Clearly communicate risk posture and mitigation plans to executives and the Board
- Promote security awareness and accountability throughout the company, especially within the product team
What we are looking for
- 7+ years of experience in hands-on Information Security roles, ideally within SaaS or technology-driven businesses
- Engineering background with hands-on technical experience (e.g. ex pen tester, security engineer)
- Strong understanding of compliance frameworks such as IRAP, SOC 2, ISO27001, GDPR, and other data protection regulations
- Hands-on experience managing accreditation processes and audits
- Proven track record in risk management, security operations, and incident response
Technical Skills
Cloud Security: AWS (Fargate, RDS, API Gateway, IAM)
Compliance Automation: Policy-as-code frameworks, automated audit tools, Vanta experience preferred
Security Tools: SAST/DAST integration, vulnerability management, threat detection platforms
Infrastructure: Experience with secure AWS-native architectures and SaaS security
Languages: Python, Go, or similar for security automation and tooling
CI/CD Security: Securing development pipelines and container orchestration
Healthcare & Compliance Knowledge
Experience with healthcare compliance requirements and data protection regulations
Understanding of government client requirements and security expectations
Knowledge of risk assessment methodologies and security frameworks
Familiarity with Australian healthcare and government regulations (preferred)
Leadership & Communication Skills
Exceptional communication skills, with the ability to engage technical and non-technical stakeholders
Experience working with government clients highly desirable
Ability to translate complex security concepts into business language
Track record of building security culture and awareness programs
Experience setting up security programs from scratch
What we offer in return
- Hybrid working with 2-3 days a week in the office and flexibility for appointments, school drop-offs, etc.
- You go through the Everlab health program for free, for your health benefit but also for you to experience the product like a customer
- Equity (ESOP)
- A company culture of highly motivated and driven people that all want to work with the best and be part of building something meaningful
- Opportunity to build and lead a security function from the ground up
- Direct impact on protecting healthcare data and enabling accessible healthcare technology
- Department: Engineering
- Locations: Sydney
- Remote status: Hybrid
- Employment type: Full-time
About Everlab
Prevent disease. Optimise Health. Feel your best.
Australia's leading personal longevity clinic.