Who We Are

Healthcare needs a better rhythm: one that keeps care continuous and deeply human. Heidi is building an AI Care Partner that works alongside clinicians to make that possible.

We’re a team of doctors, engineers, designers, researchers, and creatives building tools that help clinicians stay focused on what matters most: their patients.

In just 18 months, Heidi has given back more than 18 million hours to healthcare professionals — supporting 73 million patient visits in 116 countries. Today, more than two million patient visits each week are powered by Heidi worldwide.

Backed by nearly $100 million in funding, we’re growing in the US, UK, Canada, and Europe, partnering with leading health systems including the NHS, Beth Israel Lahey Health, and Monash Health.

About the Role

We're building security systems for medical technology that handles sensitive data and supports critical healthcare decisions. Security and data protection are core to what we build.

In this role you'll partner with product and engineering teams to design secure architectures and establish patterns that teams can apply consistently across services and client applications.

What you’ll do

• Lead secure architecture work early: threat model features, define security requirements, and propose concrete architecture options

• Design and standardise secure patterns for authentication, session management, and token handling across services and client applications

• Design and review authorisation models and access control patterns (policy enforcement, fine-grained controls)

• Establish secure API architecture patterns: validation and normalisation, rate limiting, abuse resistance, and observability signals

• Build libraries, templates, and reference implementations so teams can adopt secure patterns with minimal friction

• Shape security testing and feedback loops (static and dynamic testing, dependency scanning) so they reinforce architecture choices and stay actionable

• Contribute to the wider security program by turning recurring application risks into standards, shared components, and engineering guidance

What we’re looking for

We're looking for senior/staff-level capability, expressed as autonomy, depth, and ability to scale impact.

• Operates with high autonomy: can take an ambiguous app risk area and drive it from discovery to architecture to rollout

• Strong domain understanding of modern application architectures, distributed systems failure modes, and common security pitfalls

• Designs pragmatic security architectures that fit product constraints and delivery realities

• Builds leverage through reusable patterns, shared components, and clear standards, not just one-off reviews

• Communicates trade-offs clearly and aligns product and engineering stakeholders on decisions

Our Approach to Security

We build security into how we work through automation, practical controls, and clear communication. We aim for secure defaults and guardrails that help teams make good choices without unnecessary friction.

Note on Requirements

We care more about skills, approach, and ability to learn than specific certifications or industry background. If you have strong security domain knowledge and the specialised skills for this role, we'd love to hear from you.

The way we work

1. Build to Last

We design for safety and reliability so clinicians, patients, and our teams can trust what we build every day.

2. Own Your Practice

Ideas rise on merit, not title, and everyone shares responsibility for the standards we set together.

3. Move Fast, Stay Steady

We move quickly but never at the cost of trust. Progress only matters if people can depend on what we make.

4. Make Others Better

Honest feedback, steady support, and shared growth keep our teams improving together.

Why you will flourish with us

• Flexible hybrid working environment, with 3 days in the office.

• A generous personal development budget of $500 per annum

• Learn from some of the best engineers and creatives, joining a diverse team

• Become an owner, with shares (equity) in the company, if Heidi wins, we all win

• The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups

• If you have an impact quickly, the opportunity to fast track your startup career!

Heidi is dedicated to creating an equitable, inclusive, and supportive work environment that brings people together from diverse backgrounds, experiences, and perspectives. Our strength is in our differences. We're proud to be an equal opportunity employer and welcome all applicants as we're committed to promoting a culture of opportunity for all.