hims & hers is hiring a
Senior Security Engineer, Remote - Worldwide

Summary

The job is for a Senior Security Engineer at Hims & Hers Health, Inc., a health and wellness platform offering personalized solutions. The role involves designing, implementing, and maturing innovative security capabilities, collaborating with engineering and product teams, ensuring information security and regulatory requirements, and more.

Requirements

• Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
• 8+ years of relevant technical experience
• 5+ years of security experience
• Prior experience with Mobile and API security
• Deep understanding of the Twelve-Factor App methodology
• Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
• Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program

Responsibilities

• Ownership of security scanning complex (SAST, SCA, DAST, etc.)
• Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
• Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
• Ensure information security and regulatory requirements are effectively integrated into new or improved systems
• Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
• Establish credibility among technology experts as the subject matter expert across security disciplines
• Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
• Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
• Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
• Define, publish, and implement Security Standards / Frameworks
• Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
• Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends
• Mentor and guide engineering teams on security best practices
• Serve as a champion for secure SDLC and secure cloud adoption

Preferred Qualifications

• Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
• Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
• Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
• Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2

Benefits

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• Employee discounts on hims & hers & Apostrophe online products
• 401k benefits with employer matching contribution
• Offsite team retreats