Senior Security Engineer

Job Description

Senior Security Engineer (June 2026)

Company Description

Butterfly Network, Inc. (NYSE: BFLY) is driving a digital revolution in ultrasound imaging and sensing with its proprietary Ultrasound-on-Chip™ semiconductor technology and software solutions. Butterfly first proved its technology in the point-of-care ultrasound market – commercializing the world’s first single-probe, whole-body portable ultrasound device, which is now on its best-selling, third-generation: Butterfly iQ3™. The Company combines its advanced hardware with cloud software and AI, an enterprise workflow solution (Compass AI™) and other offerings to drive adoption of affordable, accessible ultrasound. Butterfly also enables third-party development of imaging AI apps through Butterfly Garden™, its software development kit and AI partnership initiative.

In addition to its medical imaging products, Butterfly Embedded™ is the Company’s Ultrasound-on-Chip™ licensing and co-development program designed to enable a new wave of ultrasound-enabled technologies across non-competitive healthcare markets and beyond. Through Butterfly Embedded™, partners can build and scale novel ultrasound applications powered by Butterfly’s proprietary semiconductor chip and software platform. Butterfly’s innovations have been recognized by Prix Galien USA, Fierce 50, TIME’s Best Inventions and Fast Company’s World Changing Ideas, among other achievements.

We’re a team of bold thinkers, problem-solvers, and innovators ready to shape the future of medical imaging. Let’s build something extraordinary together!

Job Description

You will be working in Butterfly’s fast-growing Information Security (InfoSec) team to better meet the needs of our customers in the global healthcare sector. As a Security Engineer, you will have the opportunity to work closely with our DevOps, Hardware, Software, AI, Risk Management, Audit, Quality Team, and Cloud Engineering Teams to secure our product and our cloud security architecture. As we scale our business internationally and into large enterprises, security has never been more important to our company and those patients we help every day. Responsibilities will also include Manage, Monitor, and Maintain Global Security Certifications rooted in National Institute of Standards and Technology (NIST) - International Organization for Standardization (ISO) - Health Information Technology for Economic and Clinical Health (HITECH) - International Electrotechnical Commission (IEC), and GovRAMP/FedRAMP among others.

As part of our team, your core responsibilities will be:

• Assess, triage, and prioritize security alerts from logging and monitoring systems.
• Incident response management and breach mitigation.
• Conduct vulnerability assessment, determine deviations from acceptable configurations, and assess the level of risk; recommend appropriate mitigation countermeasures.
• Work in collaboration with Legal, Compliance, HR on Discovery and Investigations requests.
• Work in collaboration with IT, Cloud Operations, and Engineering Teams to secure our AWS environment.
• Design, implement, configure, support, and maintain security and IT solutions and tools (e.g., Security Information Event Management (SIEM), Identity Access Management (IAM), Mobile Device Management (MDM), Endpoint Detection and Response (EDR), Vulnerability Management, Zero Trust Networking (ZTN), Data Loss Prevention (DLP)).
• Keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors.
• Lead digital forensic activities including collecting, processing, preserve, analyze, and present evidence in support of vulnerability mitigation, and investigations.
• Perform cyber defense analysis by using data collected from a variety of cyber defense tools (e.g., Intrusion Detection System (IDS), alerts, firewalls, AWS Cloud Trails) to analyze events for the purposes of mitigating threats.
• Help mature and maintain an Incident Response Program.
• Develop playbooks, work instructions, process flow, Risk Assessments, and automation solutions.
• Evidence and artifact collection and articulation for purpose of Audit and Accreditations.
• Contributes to Executive Presentations of the InfoSec state and environment.
• Will require working nights (at times), weekends (at times), or holidays (at times) on a rotational basis with the rest of the team to ensure 24x7 coverage.
• Supports our CISO in additional security initiatives and projects, as needed.

Qualifications

Baseline skills/experiences/attributes:

• Preferred 4+ years of cybersecurity experience or comparable IT experience working in collaboration with an InfoSec Organization.
• Experience investigating cybersecurity events and incidents using a full suite of alerting and response tools, digital forensic or malware analysis tools.
• Experience with one major SIEM system; Splunk is preferred. Write Splunk Search Processing Language (SPL) queries for alerts, create dashboards and produce reports and metrics.
• Strong understanding of networking basics, including firewall, Web Application Firewall (WAF), experience with Virtual Private Cloud (VPC), and Zero Trust Networking (ZTN).
• Firsthand experience with Vulnerability Management preferably Rapid7, perform scans, produce reports, and track remediation.
• Experience with Endpoint Detection and Response preferably CrowdStrike Falcon and Cloud Security Posture Management, write policies, triage alerts, and deploy agents.
• Experience with Identity Access Management preferably Entra ID; configuring SSO, user/group management, user access review, multi factor authentication (MFA), etc.
• Experience with zero trust networking preferably Zscaler Private Access to create connectors, applications, policies, and troubleshooting.
• Strong familiarity with NIST 800-53 (Rev-5).
• Strong familiarity with ISO27001.
• Strong Project Management skills (PMP, Six Sigma, or Agile).
• Strong communications skills (collaborating with employees at all levels).
• CISSP, GIAC, and or AWS Certified Security Specialty a plus.

Values

Innovation is what we do. Our values are how we make it happen. Butterflies are and believe in…

• Patient-Centric Innovators: Our mission is THE mission.
• Empowered to Impact: Every voice matters.
• One Team, One Goal: Unity fuels progress.
• Growth Champions: We embrace challenges.
• Action-Oriented Achievers: We follow through, every time.

Location

Butterfly offers a hybrid work model for most positions, with team members spending two or more days a week in the office. While flexibility is key, we value in-person connections that spark creativity and teamwork. Our offices are designed for collaboration, with comfortable workspaces, stocked kitchens, and opportunities to connect with peers.

T his is a hybrid position ( 2 - 3 + days a week in the office)  and will be based out of our office in New York City, NY.

Benefits and Perks

• Comprehensive health insurance, encompassing dental and vision coverage, is provided to all our employees. As a health-tech company, we prioritize the well-being of our teams. We also contribute to Health Savings Account (HSA) accounts for all enrolled employees on an annual basis.
• Comprehensive Employee Assistance Program - we provide access to tools and resources to support your emotional health and day-to-day needs.
• 401k plan and match - we facilitate your retirement goals.
• Eligible employees will have the opportunity to participate in Employee Stock Purchase Plan (ESPP)
• Unlimited Paid Time Off + 10 Holiday Days a Year - recharge and come back ready to make an impact
• Parental Leave - we aim to provide our employees with time to bond with their growing family, along with additional support for primary caregivers to help transition back to work
• Competitive salaried compensation - we value our employees and show it
• Equity - we want every employee to be a stakeholder
• The opportunity to build a revolutionary healthcare product and save millions of lives!

Compensation

Our estimated salary for this role is around $135,000 + bonus + equity + benefits. Actual pay is determined by multiple factors such as skills, qualifications, experience and market demand.

For this role, we are only considering candidates who are legally authorized to work in the United States and who do not now or in the future require sponsorship for employment visa status.

Butterfly Network does not accept agency resumes.

Butterfly Network is an E-Verify Company.

Butterfly Network is an equal opportunity employer.  Regardless of race, traits associated with race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability or Veteran status. All your information will be kept confidential according to EEO guidelines.

Butterfly requires security adherence responsibilities from all employees. These include:  adhering to all company security policies and procedures, utilize provided company assets securely, and complete all required security awareness training programs. Safeguarding company data and systems from unauthorized access, modification, or destruction, contributing to the overall security posture of the organization. Immediately reporting any suspected or actual security incidents, including phishing attempts, malware infections, or unauthorized access, following the established incident response procedure

#LI-KG

#KG-LI