Sr. Security Engineer

As a Senior Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities. Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.

• Ownership of security scanning complex (SAST, SCA, DAST, etc.)  
• Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
• Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
• Ensure information security and regulatory requirements are effectively integrated into new or improved systems
• Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
• Establish credibility among technology experts as the subject matter expert across security disciplines
• Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
• Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
• Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
• Define, publish, and implement Security Standards / Frameworks
• Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
• Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
• Mentor and guide engineering teams on security best practices
• Serve as a champion for secure SDLC and secure cloud adoption
• Threat modeling, end-to-end security evaluation

• Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
• 8+ years of relevant technical experience
• 5+ years of security experience
• Prior experience with Mobile and API security
• Deep understanding of the Twelve-Factor App methodology
• Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
• Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program
• Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
• Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
• Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
• Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2
• CISSP, CCSP,  and AWS Cloud certification desirable
• Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices 

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• Employee discounts on hims & hers & Apostrophe online products
• 401k benefits with employer matching contribution
• Offsite team retreats