Job Description
1 in 4 people in the US have a treatable mental health condition, but most providers don't accept insurance, making therapy too expensive for most people. Headway’s mission is to fix this by building a new mental healthcare system everyone can access.

We started by solving the biggest barrier to care: insurance. The admin work - credentialing, claims, payment reconciliation - is a nightmare. We've automated that. But we're going further. Over 70,000 providers across all 50 states run their practice on our software, serving over 1 million patients. We are building the best tools for therapists to run their entire practice, reimagining the experience of finding a therapist, and investing in the platform foundations to enable this at scale. We aren't just a billing layer; we are becoming the platform where care actually happens.

We're a Series D company with $325M+ in funding (a16z, Accel, GV, etc.), looking for exceptional people to help us achieve this mission. We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.

About This Role

Building for trust is non‑negotiable in our mission of making mental healthcare more accessible and affordable across the US: patients share sensitive information, payers demand demonstrably strong controls, and providers depend on reliable, secure infrastructure. Trust Foundations is responsible for instilling confidence in our products by safeguarding our users’ data. We achieve this by developing out-of-the-box identity, access, and secure-data platforms for other engineering teams to utilize. Our mission is to make the most secure path the most efficient path, enabling clinicians, patients, and payers to trust Headway implicitly. This team is growing and we are hiring for multiple roles at both mid/senior levels.
As a Software Engineer/Senior Software Engineer on our Trust Foundations team, you’ll be working on 0-1 access control (RBAC/ABAC), OAuth 2.0/OIDC platforms while shaping the long‑term vision for trust at Headway. You will translate open identity and authorization standards into scalable building blocks; embed privacy‑by‑design and reliability principles into everything we build; and mentor engineers across the company in trust-first thinking.

What You’ll Do Here

Design, build, and operate core trust primitives - authentication providers, authorization engines, data governance, stratified encrypted data stores, and tamper‑evident audits.
Embed security & privacy by design - Partner with Legal / Compliance to translate regulatory language into concrete engineering controls.
Scale our identity rails - Design and evolve multi‑tenant authentication & authorization services that handle millions of sessions daily with high availability expectations.
Deliver scalable, secure platform foundations - Design and build 0-1 shared services, implement consistent access control patterns that enable product teams to move quickly while ensuring security-by-default (least‑privilege access, encryption in transit and at rest, audit hooks).
Turn ambiguous requirements into incremental delivery plans - Lead architecture reviews; break large problems into testable milestones; and make pragmatic build‑vs‑buy decisions in a regulated domain.
Champion operational excellence - Instrument services, tune alerting, own on‑call runbooks, and drive post‑incident hardening.
Elevate engineering culture - Mentor teammates, document patterns, and help recruit the next generation of Headway engineers.

Who You Are

Security Mindset: You are passionate about cybersecurity and protecting access to sensitive user data.
Cross-functional Collaboration: You have demonstrated effective collaboration working with product, infosec and compliance teams.
A track record of mentoring engineers, elevating design quality, and improving engineering processes.
Secure Architecture: You think of security platforms, not as a gate, but as an enabler of secure product development.
Dealing with ambiguity: You are comfortable working with and bringing clarity to ambiguous requirements.

Preferred (not Required) Experience

3+ years of experience working in data governance and access control systems (RBAC/ABAC) compliant with HIPAA, HITRUST, SOC2, etc.
3+ years of experience working with third party IdPs and expertise with OAuth 2.0 / OIDC standards.
3+ years of experience with Python, TypeScript and AWS.

About Engineering At Headway

Building a new mental healthcare system at Headway is only possible because of the scale and leverage that software can provide. The engineering team at Headwa