Senior Software Engineer (Trust Foundations)

Headway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance. 

1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept insurance, making therapy too expensive for most people. Headway is building a new mental healthcare system that everyone can access by making it easy for therapists to accept insurance and scale their practice. 

Headway was founded in 2019. Since then, we’ve grown into a diverse, national network of over 60,000 mental healthcare providers across all 50 states who run their practice on our software and have served over 1 million patients. We’re a Series D company with over $325m in funding from a16z (Andreessen Horowitz), Accel, GV (formerly Google Ventures), Spark Capital, Thrive Capital, Forerunner Ventures and Health Care Service Corporation.

We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.

About this role: 

Building for trust is non‑negotiable in our mission of making mental healthcare more accessible and affordable across the US: patients share sensitive information, payers demand demonstrably strong controls, and providers depend on reliable, secure infrastructure. Trust Foundations is responsible for instilling confidence in our products by safeguarding our user’s data. We achieve this by developing out-of-the-box identity, access, and secure-data platforms for other engineering teams to utilize. Our mission is to make the most secure path the most efficient path, enabling clinicians, patients, and payers to trust Headway implicitly.

This team is growing and we are hiring for multiple roles at both mid/senior levels. As a Software Engineer/Senior Software Engineer on our Trust Foundations team, you’ll be working on 0-1 access control (RBAC/ABAC), OAuth 2.0/OIDC platforms while shaping the long‑term vision for trust at Headway. You will translate open identity and authorization standards into scalable building blocks; embed privacy‑by‑design and reliability principles into everything we build; and mentor engineers across the company in Trust first thinking.

What you’ll do here:

• Design, build, and operate core trust primitives - authentication providers, authorization engines, data governance, stratified encrypted data stores, and tamper‑evident audits.
• Embed security & privacy by design - Partner with Legal / Compliance to translate regulatory language into concrete engineering controls.
• Scale our identity rails -  Design and evolve multi‑tenant authentication & authorization services that handle millions of sessions daily with high availability expectations.
• Deliver scalable, secure platform foundations -  Design and build 0-1 shared services, implement consistent access control patterns that enable product teams to move quickly while ensuring security-by-default (least‑privilege access, encryption in transit and at rest, audit hooks).
• Turn ambiguous requirements into incremental delivery plans - Lead architecture reviews; break large problems into testable milestones; and make pragmatic build‑vs‑buy decisions in a regulated domain.
• Champion operational excellence - Instrument services, tune alerting, own on‑call runbooks, and drive post‑incident hardening.
• Elevate engineering culture -  Mentor teammates, document patterns, and help recruit the next generation of Headway engineers.

Who you are: 

• Security Mindset: You are passionate about cybersecurity and protecting access to sensitive user data. 
• Cross functional Collaboration - you have demonstrated effective collaboration working with product, infosec and compliance teams. 
• A track record of mentoring engineers, elevating design quality, and improving engineering processes.
• Secure Architecture: You think of security platforms, not as a gate, but as an enabler of secure product development. 
• Dealing with ambiguity: You are comfortable working with and bringing clarity to ambiguous requirements. 

Preferred (not required) experience: 

• 3+ years of experience working in data governance and access control systems (RBAC/ABAC) compliant with HIPAA, HITRUST, SOC2 etc
• 3+ years of experience working with third party IdPs and expertise with OAuth 2.0 / OIDC standards.
• 3+ years of experience with Python, TypeScript and AWS.

About Engineering at headway:

Building a new mental healthcare system at Headway is only possible because of the scale and leverage that software can provide.  The engineering team at Headway is a small but mighty team using technology to build that future (and have a fun time while doing it!).

Principles that guide us:

• Focus on the mission - We view software as a means of effecting change in the world, not as an end unto itself. We write software to empower our patients and therapist to better solve the problems they’re facing.
• Ship small, learn fast - We are building new and novel products and believe that we learn what our users need by quickly shipping and iteration.
• Everything is a product - Whether it's our patient search experience or a developer productivity improvement, we treat everything we build at Headway as a product with end-users in mind.
• Optimize for trust - We believe that engineers should be continually learning. To learn effectively and to be productive, engineers must feel safe asking questions and discussing mistakes.

Tools we use:

• Languages: Python 3, TypeScript
• Libraries & Frameworks: FastAPI, SQLAlchemy, React, Remix, Next.js
• Datastores: Postgres, Redis
• Infrastructure: AWS (Fargate, ECS, S3, and more), Spark and Kafka
• Monitoring: Datadog, PagerDuty, Sentry
• Version Control: Github, PagerDuty
• Vulnerability Management: Snyk, Semgrep
• Cloud Security: Lacework

Our interview process

After you apply to Headway, here are some details of what to expect during the interview process.

• Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background. 
• First round: You'll meet with an engineer on the team to do some live coding and learn more about the engineering team.
• Final rounds: You’ll meet several more team members for technical and non-technical interviews and leave with a fuller picture of what it’s like to work at Headway.
• References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!

Compensation and Benefits:

The expected base pay range for this position is $168,300 - $237,500, based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant, depending on the position and level.

We are committed to offering a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential.

Benefits offered include:

Equity Compensation

• Medical, Dental, and Vision coverage
• HSA / FSA
• 401K
• Work-from-Home Stipend
• Therapy Reimbursement
• 16-week parental leave for eligible employees
• Carrot Fertility annual reimbursement and membership
• 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
• Flexible PTO
• Employee Assistance Program (EAP)
• Training and professional development

#LI-SC1

We believe a team's strength is in its people, and we cannot achieve this mission without a team that reflects the diversity of this problem – across race, ethnicity, gender, sexuality, age, national origin, religion, family status, disability, military status, and experience. Headway is committed to the full inclusion of all qualified individuals. As part of this commitment, Headway will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or receive other benefits and privileges of employment, please inform the recruiter when they contact you to schedule your interview.

Headway participates in E-Verify. To learn more, click here.

A notice to Headway applicants: To protect yourself against phishing and recruitment fraud, please note that Headway only accepts applications through our official careers page at https://headway.co/careers. Headway will never refer you to external websites, ask for payment or personal information, or conduct interviews via messaging apps. All official communication will come from a @findheadway.com email address. If you are contacted by someone claiming to be from Headway via an unofficial channel, please do not share any information and report it as spam.