Product Security Engineer

Role Overview

• Analyze security vulnerabilities in web and mobile applications, determine risk levels, and drive remediations in collaboration with engineering teams.
• Research and report on potential product threats, emerging vulnerabilities, and mitigation techniques relevant to the evolving health tech landscape.
• Partner with Engineering and Product stakeholders to integrate security at every stage of the SDLC, championing secure development practices and agile delivery.
• Develop and advocate for cost-effective solutions to address complex application and product security challenges.
• Implement the adoption of product security standards and best practices across the organization, influencing engineering and architecture decisions.
• Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations.
• Guide engineering teams in applying secure coding standards, providing resources and actionable feedback to foster a culture of security.
• Deploy, optimize, and manage security tooling such as SAST, DAST, Hashicorp Vault, and other industry-leading application security solutions.
• Participate in collaborative threat modeling initiatives for new features and evolving services, ensuring proactive risk identification and reduction.
• Conduct secure code reviews on services and applications built with modern frameworks and technologies.
• Assist in planning and executing targeted penetration tests on new features, identifying and reporting vulnerabilities before production release.
• Collaborate on IT security initiatives, partnering with infrastructure and operations teams to review security controls for device management, endpoint protection, access management, and overall IT hygiene.
• Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations of applications and services.

Requirements

• You bring 2-4 years of experience in product/application security or 1-3 years in security-focused software engineering.
• You are deeply familiar with secure software development practices, security-focused architecture, and infrastructure that aligns with product objectives and business needs.
• You support the adoption of application and product security best practices across engineering teams and contribute to business-wide security initiatives.
• You have hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard tools for application and product security.
• You have hands-on experience with at least one scripting language (Python and/or Bash preferred).
• You thrive in fast-paced, collaborative environments, working closely with developers, product managers, and cross-functional stakeholders to secure web and mobile applications.
• You are able to assess, prioritize, and execute on projects independently.
• You are comfortable working in a fast-paced environment.
• You have excellent written and verbal communication skills.

Tech Stack

• Cloud
• Python
• SDLC
• Vault

Benefits

• Medical / Dental / Vision / Disability / Life Insurance
• High Deductible Health Plan with Health Savings Account (HSA) option
• Flexible Spending Account (FSA)
• Access to coaches and therapists through Modern Health's platform
• Flexible Time Off
• Company-wide Collective Pause Days
• Parental Leave Policy
• Family Forming Benefit through Carrot
• Family Assistance Benefit through UrbanSitter
• Professional Development Stipend
• 401k
• Financial Planning Benefit through Origin
• Annual Wellness Stipend to use on items that promote your overall well being
• New Hire Stipend to help cover work-from-home setup costs
• ModSquad Community: Virtual events like active ERGs, holiday themed activities, team-building events and more
• Monthly Cell Phone Reimbursement