Senior Software Engineer (Trust Foundations)

Building for trust is non‑negotiable in our mission of making mental healthcare more accessible and affordable across the US: patients share sensitive information, payers demand demonstrably strong controls, and providers depend on reliable, secure infrastructure. Trust Foundations is responsible for instilling confidence in our products by safeguarding our user’s data. We achieve this by developing out-of-the-box identity, access, and secure-data platforms for other engineering teams to utilize. Our mission is to make the most secure path the most efficient path, enabling clinicians, patients, and payers to trust Headway implicitly.

This team is growing and we are hiring for multiple roles at both mid/senior levels. As a Software Engineer/Senior Software Engineer on our Trust Foundations team, you’ll be working on 0-1 access control (RBAC/ABAC), OAuth 2.0/OIDC platforms while shaping the long‑term vision for trust at Headway. You will translate open identity and authorization standards into scalable building blocks; embed privacy‑by‑design and reliability principles into everything we build; and mentor engineers across the company in Trust first thinking.

• →Design, build, and operate core trust primitives - authentication providers, authorization engines, data governance, stratified encrypted data stores, and tamper‑evident audits.
• →Embed security & privacy by design - Partner with Legal / Compliance to translate regulatory language into concrete engineering controls.
• →Scale our identity rails -  Design and evolve multi‑tenant authentication & authorization services that handle millions of sessions daily with high availability expectations.
• →Deliver scalable, secure platform foundations -  Design and build 0-1 shared services, implement consistent access control patterns that enable product teams to move quickly while ensuring security-by-default (least‑privilege access, encryption in transit and at rest, audit hooks).
• →Turn ambiguous requirements into incremental delivery plans - Lead architecture reviews; break large problems into testable milestones; and make pragmatic build‑vs‑buy decisions in a regulated domain.
• →Champion operational excellence - Instrument services, tune alerting, own on‑call runbooks, and drive post‑incident hardening.
• →Elevate engineering culture -  Mentor teammates, document patterns, and help recruit the next generation of Headway engineers.

• Security Mindset: You are passionate about cybersecurity and protecting access to sensitive user data. 
• Cross functional Collaboration - you have demonstrated effective collaboration working with product, infosec and compliance teams. 
• A track record of mentoring engineers, elevating design quality, and improving engineering processes.
• Secure Architecture: You think of security platforms, not as a gate, but as an enabler of secure product development. 
• Dealing with ambiguity: You are comfortable working with and bringing clarity to ambiguous requirements. 

• 3+ years of experience working in data governance and access control systems (RBAC/ABAC) compliant with HIPAA, HITRUST, SOC2 etc
• 3+ years of experience working with third party IdPs and expertise with OAuth 2.0 / OIDC standards.
• 3+ years of experience with Python, TypeScript and AWS.

Building a new mental healthcare system at Headway is only possible because of the scale and leverage that software can provide.  The engineering team at Headway is a small but mighty team using technology to build that future (and have a fun time while doing it!).

• Focus on the mission - We view software as a means of effecting change in the world, not as an end unto itself. We write software to empower our patients and therapist to better solve the problems they’re facing.
• Ship small, learn fast - We are building new and novel products and believe that we learn what our users need by quickly shipping and iteration.
• Everything is a product - Whether it's our patient search experience or a developer productivity improvement, we treat everything we build at Headway as a product with end-users in mind.
• Optimize for trust - We believe that engineers should be continually learning. To learn effectively and to be productive, engineers must feel safe asking questions and discussing mistakes.

• Languages: Python 3, TypeScript
• Libraries & Frameworks: FastAPI, SQLAlchemy, React, Remix, Next.js
• Datastores: Postgres, Redis
• Infrastructure: AWS (Fargate, ECS, S3, and more), Spark and Kafka
• Monitoring: Datadog, PagerDuty, Sentry
• Version Control: Github, PagerDuty
• Vulnerability Management: Snyk, Semgrep
• Cloud Security: Lacework

After you apply to Headway, here are some details of what to expect during the interview process.

• Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background. 
• First round: You'll meet with an engineer on the team to do some live coding and learn more about the engineering team.
• Final rounds: You’ll meet several more team members for technical and non-technical interviews and leave with a fuller picture of what it’s like to work at Headway.
• References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!