Staff Security Engineer

Pomelo Care

💵 $200k-$220k
📍 Remote - United States

Summary

Join Pomelo Care as a Staff Security Engineer and play a key role in shaping our security posture, safeguarding sensitive healthcare data, and enabling our engineering teams to build secure and compliant products. Lead and execute critical cybersecurity initiatives across various areas, including IAM/RBAC, Application Security, and Cloud Security. Develop and implement security solutions, collaborate with cross-functional teams, and continuously improve secure software development lifecycle processes. Serve as a subject matter expert, guiding and educating teams on cybersecurity principles. Participate in incident response activities and demonstrate strong communication and problem-solving skills. This role requires 10+ years of hands-on cybersecurity experience and a robust software engineering foundation. Pomelo Care offers competitive healthcare benefits, generous equity compensation, and unlimited vacation.

Requirements

  • 10+ years of hands-on experience in cybersecurity with a robust software engineering foundation
  • Direct hands-on expertise in at least 2-3 key security areas (IAM, Application Security, Cloud Security, CI/CD security, Incident Response, etc.)
  • Curiosity and openness to learn new cybersecurity domains that may not be familiar
  • Direct experience working in some parts of the full technology stack, including Google Cloud Platform (GCP), Kotlin, React/Next.js, Swift, Expo, Xcode, Android Studio, yarn, npm, Code Build, among others
  • Previous cybersecurity experience within healthcare environments and startups, demonstrating familiarity with regulatory frameworks (e.g., HIPAA) and supporting security certifications such as SOC 2 Type 2 and HITRUST
  • Strong technical background including full stack software development, system architecture and security fundamentals such as PKI, SAML, JWT, HMAC, as well as the MITRE ATT&CK and D3FEND frameworks and OWASP Top Ten mitigations
  • Proven ability to thrive in agile environments, adapting quickly and wearing multiple hats to help scale security programs
  • Strong problem-solving skills, excellent communication abilities, and a collaborative mindset

Responsibilities

  • Lead and execute critical cybersecurity initiatives, spanning areas like IAM/RBAC, Application Security, Cloud Security, Endpoint Security, CI/CD and supply chain security, SAST/DAST tooling, penetration testing, bug bounty management, Incident Response, DFIR and SaaS security
  • Develop and implement security solutions and frameworks that proactively mitigate risks and address evolving threats
  • Collaborate cross-functionally with engineering, product, compliance and executive teams to drive adoption of security best practices
  • Own and continuously improve secure software development lifecycle (SDLC) processes and tools
  • Serve as a subject matter expert and mentor, guiding and educating teams on cybersecurity principles, secure coding and threat modeling
  • Participate directly in incident response activities, investigations and post-incident analysis
  • Demonstrate humility, entrepreneurial spirit, strong communication skills and comfort contributing to a dynamic, cross-functional environment

Preferred Qualifications

  • Relevant industry certifications (e.g., CISSP, CISM, CCSP) are highly desirable. OSCP is a big plus
  • Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders

Benefits

  • Competitive healthcare benefits
  • Generous equity compensation
  • Unlimited vacation
  • Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)
