Function HealthRemote
Senior Product Security Engineer
United States of America
Full Time
1 week ago
Visa Sponsor
Key skills
PythonAILangChainAgenticFastAPICI/CDOWASP
About this role
Function Health is the AI operating system for health, designed to empower people to live 100 healthy years. As a Senior Product Security Engineer, you'll work closely with engineering and product teams to embed security into every stage of development, ensuring the safety and integrity of the platform as it scales.
Responsibilities:
- Design and deploy AI-powered security agents into CI/CD: automated code review, risk classification, escalation logic, and where possible, auto-remediation
- Build and operate the security tooling layer across our pipelines: SAST, SCA, secrets scanning, IaC validation, and supply chain integrity checks
- Conduct threat modeling, secure design reviews, and manual security assessments across our apps, APIs, and infrastructure
- Find vulnerabilities through proactive testing, not just scanner output, and drive them to remediation
- Partner with engineering teams across our product pillars as the embedded security voice in the room, without being a blocker
- Own the rollout of secure-by-default development frameworks and controls
- Connect application-level telemetry to detection and response systems
- Contribute to incident response and postmortems when product security is involved
- Shape our long-term product security strategy and roadmap
Requirements:
- 5+ years of experience in product or application security, software engineering, or a combination of both
- You've built or operated AI-assisted security tooling, whether that's an agent doing code review, an automated triage pipeline, or custom security automation you designed from scratch
- Strong Python experience. Familiarity with FastAPI, LangChain, or agentic frameworks is a plus
- Deep fluency in identifying and exploiting web, API, and application vulnerabilities, well beyond OWASP Top 10
- Experience embedding security into CI/CD, not just recommending it
- You can guide engineers through secure design decisions without slowing them down
- You write documentation and design docs without being asked
- Bonus: experience with HIPAA or healthcare data, red teaming, or security architecture at scale