Notable

Security Engineer Intern

Notable1 weeks ago
Location

San Mateo, CA

Type

Internship

Salary

USD 30 – 50

Level

Intern

Role

Security Engineer

Posted

Jun 22, 2026

InternshipIntern

The role

Summary

As a Security Engineer Intern at Notable, you'll design and automate security controls protecting a healthcare AI platform serving millions of patients. You'll collaborate with security and infrastructure teams to build infrastructure-as-code policy checks, detection playbooks, and secure-by-default developer workflows while contributing to cloud security posture improvements in a regulated healthcare environment.

What you'll do

Build and Automate Security Controls: Design, develop, and deploy automated security controls and guardrails in collaboration with Security and Infrastructure teams. This includes implementing Infrastructure-as-Code (IaC) policy checks, establishing least-privilege baseline configurations, and integrating automated secrets detection into CI/CD pipelines to enforce security standards across the development lifecycle.
Create Detection and Response Playbooks: Author detection rules and incident response playbooks for identified security risks affecting the healthcare platform. Validate effectiveness through controlled simulation exercises, document comprehensive runbooks with clear decision trees, and establish measurable metrics for detection accuracy and response times.
Enhance Secure Development Workflows: Contribute to the implementation of secure-by-default developer practices including pre-commit security hooks, SAST/DAST pipeline integration, and automated dependency scanning. Collaborate on triaging, prioritizing, and tracking security findings through remediation and closure to maintain a healthy security posture.
Improve Cloud Security Posture: Identify and implement measurable security improvements across cloud infrastructure including misconfiguration detection, logging and telemetry coverage expansion, and resource tagging hygiene. Focus on addressing low-to-medium risk gaps that enhance the overall security foundation of the platform.
Document Security Operations: Create clear, maintainable documentation and standard operating procedures for all developed security tools and controls. Establish measurable acceptance criteria for handoffs, ensure operational clarity for team adoption, and maintain living documentation that evolves with security improvements.
Support Security Change Reviews: Participate in security review processes for low-to-medium risk changes to the platform. Track identified mitigations, validate remediation efforts, and provide technical feedback to ensure changes maintain or enhance the security posture of healthcare systems serving millions of patients.

What we look for

Technical

Programming and ScriptingHands-on experience with at least one programming language such as Python, Go, or similar for automating security controls and building tooling. Demonstrated ability to read and analyze code for security implications.
Cloud Security FundamentalsWorking knowledge of cloud security concepts and platforms including GCP, AWS, or Azure. Understanding of cloud-native security challenges, misconfiguration risks, and cloud-specific security best practices.
CI/CD and DevSecOps ConceptsFamiliarity with CI/CD pipeline security, continuous integration systems, and DevSecOps practices. Understanding of how to integrate security controls into development workflows.
Infrastructure-as-Code BasicsUnderstanding of IaC principles and experience with tools like Terraform for defining and managing cloud infrastructure. Knowledge of policy-as-code frameworks such as OPA or Conftest for automated compliance.
Container and Kubernetes BasicsFoundational knowledge of containerization, Docker, and Kubernetes security concepts. Understanding of container security risks and best practices for securing containerized workloads.
Identity and Access ManagementUnderstanding of IAM principles, least-privilege access design, role-based access control (RBAC), and authentication/authorization mechanisms in cloud environments.

Education

Computer Science or Related FieldBachelor's degree in Computer Science, Cybersecurity, Information Security, or related technical discipline, or equivalent demonstrated coursework in security engineering.
Security Engineering CourseworkCompletion of courses or projects in security engineering, cloud security, or DevSecOps demonstrating foundational knowledge of security principles and practices.

Experience

Hands-On Security ProjectsDemonstrated experience through coursework, personal projects, or internships building security tools, implementing controls, or solving security engineering problems.
Automation and System DesignExperience automating repetitive security tasks, designing measurable improvements to systems, and documenting solutions for operational sustainability.
Problem-Solving and CommunicationProven ability to translate ambiguous security problems into concrete, prioritized plans with clear milestones. Strong verbal and written communication skills for technical and non-technical audiences.

Skills

Required skills

Python or Go ProgrammingProficiency in Python, Go, or similar language for writing security tools, automation scripts, and control logic.
Cloud Platform KnowledgeWorking understanding of at least one major cloud platform (GCP, AWS, Azure) including core services, security features, and configuration best practices.
Security FundamentalsCore understanding of security principles including confidentiality, integrity, availability, authentication, authorization, and encryption.
Scripting and AutomationAbility to write scripts and automation code to reduce manual security tasks and enforce security policies programmatically.
Technical DocumentationClear written communication ability to document security controls, operational procedures, and technical decisions for team consumption and future reference.

Nice to have

Terraform ExperienceHands-on experience with Terraform for infrastructure-as-code, including writing and testing Terraform configurations and modules.
Policy-as-Code ToolsFamiliarity with policy-as-code frameworks such as OPA (Open Policy Agent), Conftest, or similar tools for automated compliance and security validation.
GitHub Actions or GitLab CIExperience with CI/CD platforms and systems, particularly GitHub Actions or GitLab CI for building secure development pipelines.
Log Analysis and SIEM ToolsExperience with log aggregation, analysis platforms, and SIEM tools for security monitoring and event investigation.
Detection EngineeringBasic experience authoring security detection rules, alerts, or signatures for identifying threats in logs or network traffic.
OWASP Top 10 KnowledgeFamiliarity with OWASP Top 10 vulnerabilities and secure software development practices for building resilient applications.
Healthcare Compliance ExposureFamiliarity with healthcare-specific regulations such as HIPAA, BAA requirements, or regulated environment compliance considerations.
Privacy-Centric DesignUnderstanding of privacy-by-design principles and data protection considerations relevant to healthcare technology platforms.

Compensation & benefits

Salary

USD 30 – 50 (annual)

Benefits

Healthcare Impact Mission

Join a company dedicated to transforming healthcare and improving the lives of patients, staff, and clinicians. Contribute to Notable's goal of positively impacting 100 million patients through intelligent automation and security excellence.

Meaningful Work Environment

Be part of a purposeful culture focused on doing the best work of your life while working alongside exceptional teammates committed to creating meaningful change in healthcare technology.

Hands-On Learning Opportunity

Gain practical experience in modern security engineering including cloud security, DevSecOps, infrastructure-as-code, and security automation in a fast-growing healthcare technology company.

Mentorship from Security Experts

Work directly with experienced Security and Infrastructure engineers who will guide your professional development and expose you to industry best practices in security engineering.

Collaborative Team Environment

Partner with Security, Infrastructure, and Product Engineering teams in a culture that values collaboration, clear communication, and shared success in protecting sensitive healthcare data.

Bay Area Office Location

Work in San Mateo, California with in-person collaboration three days per week, providing networking opportunities and access to the Bay Area's thriving technology and healthcare ecosystem.

Interview process

  1. 1
    Initial Screening Phone or video screening with Notable recruiter to discuss your background in security engineering, coursework projects, and interest in healthcare technology and DevSecOps.
  2. 2
    Technical Assessment Coding or technical problem-solving round focused on scripting (Python/Go), cloud concepts, or security fundamentals. May include questions about infrastructure-as-code or security control design.
  3. 3
    Security Engineering Interview Technical interview with a Security Engineer or Infrastructure team member covering hands-on security scenarios, detection engineering concepts, and your approach to automating security controls.
  4. 4
    System Design and Collaboration Discussion around designing security solutions for ambiguous problems, breaking down requirements into milestones, and communicating technical concepts clearly to both technical and non-technical stakeholders.
  5. 5
    Team Fit and Values Alignment Conversation with team members or hiring manager about Notable's culture, your motivation for healthcare technology, and alignment with the company's mission to improve healthcare through intelligent automation.
Apply for this position

You'll be redirected to the company's application page

Notable

Notable

View all jobs

Notable is a leading healthcare technology company that automates administrative tasks for healthcare providers. Their AI-powered platform streamlines patient intake, scheduling, clinical documentation, and other operational workflows. The company's mission is to eliminate the administrative burden on providers, allowing them to focus more on patient care and improving efficiency across the healthcare system. Notable operates within the health tech market, serving hospitals and health systems across the United States to enhance both operational effectiveness and the overall patient experience.

San Mateo, USAFounded 2017notablehealth.com

Tech Stack

Languages
PythonGoHCLYAML
Frameworks
GitHub ActionsGitLab CIKubernetes
Databases
Security Information and Event Management (SIEM)
Tools
TerraformOPA / ConftestSAST/DAST ToolsDependency Scanning ToolsGCP / AWS / Azure
Other
Infrastructure-as-Code (IaC)Secrets ManagementContainer SecurityIdentity and Access Management (IAM)HIPAA Compliance
Apply Now

On this page