Manager, Security Engineering

Summary

Join Headway and help build a world-class engineering team focused on securing the company's products and applications. As a Security Engineering Manager, you will own the application security, secure software development, and product-integrated security strategy. You will lead the development of security features, tooling, and programs to enable secure code and protect sensitive data. The role involves close collaboration with product, platform, and core engineering teams to integrate security into product design and development. You will build and grow a team, fostering a culture of security best practices and accountability. This position offers the opportunity to make a significant impact on Headway's mission to improve mental healthcare access. The ideal candidate has experience managing security engineering teams and a strong background in application security and secure development practices.

Requirements

• You’ve managed or led security engineering teams and are excited to build and grow one from the ground up
• You have a strong background in application security and secure development practices, and have partnered closely with engineering teams
• You enjoy enabling developers to build safely and quickly through secure-by-default tooling and clear guidance
• You’re comfortable working across domains—from product design to AWS infrastructure—using security as a force multiplier
• You thrive in highly collaborative environments and care deeply about empowering teams to do their best work securely
• You’re motivated by Headway’s mission to make mental healthcare more accessible and want to make a positive impact through security

Responsibilities

• Own Headway’s application and product security strategy, setting the vision and roadmap for securing all customer- and provider-facing experiences
• Build a best-in-class application security program that embeds secure development practices into the software development lifecycle (SDLC), including threat modeling, secure code reviews, and automated security testing
• Drive initiatives to improve security visibility and response within our products, including user-access controls, sensitive data handling, and in-app protections
• Partner with product and engineering teams to identify and mitigate risks in new features, third-party integrations, and architectural decisions. Act as a trusted advisor to engineering teams, fostering a culture of ownership, accountability, and security best practices
• Build tools, workflows, and documentation that help engineers write secure code and own their security responsibilities
• Create a highly engaged, operationally and technically excellent engineering culture within your pod
• Align product and platform engineering teams to security goals with regulatory, privacy, and compliance requirements; collaborating closely with privacy, legal, and compliance teams
• Support production incident response processes in partnership with engineering and Trust teams, helping to triage, remediate, and learn from security events

Benefits

• Equity Compensation
• Medical, Dental, and Vision coverage
• HSA / FSA
• 401K
• Work-from-Home Stipend
• Therapy Reimbursement
• 16-week parental leave for eligible employees
• Carrot Fertility annual reimbursement and membership
• 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
• Flexible PTO
• Employee Assistance Program (EAP)
• Training and professional development