About the Role:
As a Senior Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities. Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.
You Will:
- Ownership of security scanning complex (SAST, SCA, DAST, etc.)
- Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
- Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
- Ensure information security and regulatory requirements are effectively integrated into new or improved systems
- Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
- Establish credibility among technology experts as the subject matter expert across security disciplines
- Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
- Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
- Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
- Define, publish, and implement Security Standards / Frameworks
- Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
- Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
- Mentor and guide engineering teams on security best practices
- Serve as a champion for secure SDLC and secure cloud adoption
- Threat modeling, end-to-end security evaluation
You Have:
- Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
- 8+ years of relevant technical experience
- 5+ years of security experience
- Prior experience with Mobile and API security
- Deep understanding of the Twelve-Factor App methodology
- Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
- Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program
- Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
- Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
- Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
- Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2
- CISSP, CCSP, and AWS Cloud certification desirable
- Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices
Our Benefits (there are more but here are some highlights):
- Competitive salary & equity compensation for full-time roles
- Unlimited PTO, company holidays, and quarterly mental health days
- Comprehensive health benefits including medical, dental & vision, and parental leave
- Employee Stock Purchase Program (ESPP)
- Employee discounts on hims & hers & Apostrophe online products
- 401k benefits with employer matching contribution
- Offsite team retreats
#LI-Remote
