Sr. Security Engineer - Product & Apps

hims & hers · USA

Company: hims & hers

Location: USA

Type: Full Time

Job Description

About the Role:

As a Senior Security Engineer, you will be a thought leader in the Security Team, focused on helping design, implement, and mature innovative and cutting-edge security capabilities. The Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining the vision and execution of strategy aligned to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.

You Will:

  • Ownership of security scanning complex (SAST, SCA, DAST, etc.)

  • Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering and product organization

  • Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices

  • Ensure information security and regulatory requirements are effectively integrated into new or improved systems

  • Demonstrates expert technology competence in security domains including, but not limited to, application, cloud, resiliency, identity access management, and data security

  • Establish credibility among technology experts as the subject matter expert across security disciplines

  • Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely

  • Analyze technical risks of existing systems and applications against correlating policies and risks and provide appropriate remediation or risk reduction plans

  • Participate in the design and execution of vulnerability assessments, red team/penetration tests, security audits, and cybersecurity exercises

  • Define, publish, and implement Security Standards / Frameworks

  • Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives

  • Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends

  • Mentor and guide engineering teams on security best practices

  • Serve as a champion for secure SDLC and secure cloud adoption

  • Threat modeling, end-to-end security evaluation

You Have:

  • Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience

  • 8+ years of relevant technical experience

  • 5+ years of security experience

  • Prior experience with Mobile and API security

  • Deep understanding of the Twelve-Factor App methodology

  • Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment

  • Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program

  • Prior experience in the healthcare industry, including a strong understanding of HIPAA Privacy and Security Rules, preferred

  • Experience in the IAM domain, including tools (Okta, Centrify, CyberArk, Ping), preferred

  • Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques

  • Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2

  • CISSP, CCSP, and AWS Cloud certification desirable

  • Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices

Our Benefits (there are more but here are some highlights):

  • Competitive salary & equity compensation for full-time roles

  • Unlimited PTO, company holidays, and quarterly mental health days

  • Comprehensive health benefits including medical, dental & vision, and parental leave

  • Employee Stock Purchase Program (ESPP)

  • Employee discounts on hims & hers & Apostrophe online products

  • 401k benefits with employer matching contribution

  • Offsite team retreats

#LI-Remote


Date Posted: 07/16/2024
