Product Security Engineer

Modern Health

Modern Health is a mental health benefits platform for employers. We are the first global mental health solution to offer employees access to one-on-one, group, and self-serve digital resources for their emotional, professional, social, financial, and physical well-being needs-all within a single platform. Whether someone wants to proactively manage stress or treat depression, Modern Health guides people to the right care at the right time. We empower companies to help all their employees be the best version of themselves, and believe in meeting people wherever they are in their mental health journey.

Modern Health is backed by investors like Kleiner Perkins, Founders Fund, John Doerr, Y Combinator, and Battery Ventures and raised more than $170 million in less than two years, making Modern Health the fastest entirely female-founded company in the U.S. to reach Unicorn status.

More about our culture and what you can expect when you join the team:

• "It Takes a Village" culture . Modern Health has a unique and unabashed culture centered around high empathy and high accountability - with a drive to win. We are energized by bringing together the best talent in the industry to achieve audacious goals focused on making mental health a strength and priority for all.
• We have an obsession to win. We are highly ambitious and passionate about the work that we do. We take pride in delivering excellence and our personal best and we continuously innovate to uniquely solve our customers' needs.
• We are accountable and can rely on each other. We are a team and hold ourselves and each other accountable. We believe in transparent communication and continuous feedback to foster a culture of trust, reliability, and growth.
• We demonstrate empathy. We have a supportive and diverse culture where we bolster and uplift each other as we pursue our lofty goals. We encourage selflessness and a willingness to support others, fostering a collaborative and respectful environment.
• We exhibit a bias towards action. This is a fast-paced environment. We jump into problems and initiate solutions. We empower our people to make decisions and experiment, iterate, and repeat until we get it right.

Modern Health is a fully remote workforce and a hyper-growth company that is often recognized for its excellence, winning awards such as World's Most Innovative Companies of 2023 by Fast Company, Top 25 Companies of San Francisco 2023, and 2023 Well-Being Trailblazer Award. To protect our culture and help our team stay connected, we require overlapping hours for everyone. While many roles may function from anywhere in the world-see individual job listing for more-US based team members who live outside the Pacific time zone are expected to work at least six hours between 8 am and 5 pm Pacific time each workday.

We are looking for driven, creative, and passionate individuals to join in our mission. An inclusive and diverse culture are key components of mental well-being in the workplace, and that starts with how we build our own team. If you're excited about a role, we'd love to hear from you!

The Role

Maintaining the security and privacy of our users is paramount to Modern Health's mission. As a member of the security team you will have organization-wide visibility to continuously support and monitor our commitment to privacy, security, and compliance.

This is a unique opportunity to use your engineering and security skills to make a direct impact in people's lives. We need a security engineer who can pick up and understand complex technical areas quickly, mitigate risk by increasing automation in security domains, and work with other engineers to securely release and maintain software, infrastructure, and an information security management system, while always working to increase our security and compliance posture.

This role will be part of the Product Security (ProdSec) team, report to the Head of Security, and can be based anywhere in the United States. This is a unique opportunity to be a security leader at a fast growing company, and the work done by this position will lay the foundation for security at Modern Health for years to come!

Don't have direct security experience but are a passionate developer or Software engineer with AWS experience that is interested in Security? Please apply!

This position is not eligible to be performed in Hawaii.
What You'll Do

• Analyze security vulnerabilities in web and mobile applications, determine risk levels, and drive remediations in collaboration with engineering teams.
• Research and report on potential product threats, emerging vulnerabilities, and mitigation techniques relevant to the evolving health tech landscape.
• Partner with Engineering and Product stakeholders to integrate security at every stage of the SDLC, championing secure development practices and agile delivery.
• Develop and advocate for cost-effective solutions to address complex application and product security challenges.
• Implement the adoption of product security standards and best practices across the organization, influencing engineering and architecture decisions.
• Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations.
• Guide engineering teams in applying secure coding standards, providing resources and actionable feedback to foster a culture of security.
• Deploy, optimize, and manage security tooling such as SAST, DAST, Hashicorp Vault, and other industry-leading application security solutions.
• Participate in collaborative threat modeling initiatives for new features and evolving services, ensuring proactive risk identification and reduction.
• Conduct secure code reviews on services and applications built with modern frameworks and technologies.
• Assist in planning and executing targeted penetration tests on new features, identifying and reporting vulnerabilities before production release.
• Collaborate on IT security initiatives, partnering with infrastructure and operations teams to review security controls for device management, endpoint protection, access management, and overall IT hygiene.
• Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations of applications and services.

Who You Are / Role Requirements:

• You are a passionate and confident team member that takes pride and ownership in the work you do.
• You are deeply familiar with secure software development practices, security-focused architecture, and infrastructure that aligns with product objectives and business needs.
• You support the adoption of application and product security best practices across engineering teams and contribute to business-wide security initiatives.
• You have hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard tools for application and product security.
• You have hands-on experience with at least one scripting language (Python and/or Bash preferred).
• You thrive in fast-paced, collaborative environments, working closely with developers, product managers, and cross-functional stakeholders to secure web and mobile applications.
• You are able to assess, prioritize, and execute on projects independently.
• You are comfortable working in a fast-paced environment.
• You have excellent written and verbal communication skills.
• You bring 2-4 years of experience in product/application security or 1-3 years in security-focused software engineering.
• You have experience integrating security into agile product delivery.
• Immigration sponsorship is not available for this position. Applicants must be able to maintain work authorization for the duration of employment without employer sponsorship or employer-provided training plans or attestations (including, for example, the Form I-983 required for STEM OPT).

Our stack:

• AWS: ECS and cloud hosting
• Gitlab: CI/CD
• Python: Django, Flask, aio
• Data: PostgreSQL, Redis
• Monitoring: Datadog and Sentry
• IaC: Terraform, Packer

Bonus points if you have experience in:

• Working at a high growth startup
• Working on SaaS software
• Working in Health Tech
• Software engineering experience

Benefits

Fundamentals:

• Medical / Dental / Vision / Disability / Life Insurance
• High Deductible Health Plan with Health Savings Account (HSA) option
• Flexible Spending Account (FSA)
• Access to coaches and therapists through Modern Health's platform
• Flexible Time Off
• Company-wide Collective Pause Days

Family Support:

• Parental Leave Policy
• Family Forming Benefit through Carrot
• Family Assistance Benefit through UrbanSitter

Professional Development:

• Professional Development Stipend

Financial Wellness:

• 401k
• Financial Planning Benefit through Origin

But wait there's more...!

• Annual Wellness Stipend to use on items that promote your overall well being
• New Hire Stipend to help cover work-from-home setup costs
• ModSquad Community: Virtual events like active ERGs, holiday themed activities, team-building events and more
• Monthly Cell Phone Reimbursement

Equal Pay for Equal Work Act Information

Please refer to the ranges below to find the starting annual pay range for individuals applying to work remotely from the following locations for this role.

• Zone 1: San Francisco Bay Area and New York City Metro
• Zone 2: All other California locations and Seattle, WA
• Zone 3: All other New York locations, All other Washington locations, Washington DC, Austin,
  TX, CT, IL, MA, NH, NJ, OR, RI, VT
• Zone 4: All other Texas locations, AL, AK, AZ, AR, CO, DE, FL, GA, HI, ID, IN, IA, KS, KY, LA, ME, MD, MI, MN, MS, MO, MT, NE, NV, NM, NC, ND, OH, OK, PA, SC, SD, TN, UT, VA, WV, WI, WY

Compensation for the role will depend on a number of factors, including a candidate's qualifications, skills, competencies, and experience and may fall outside of the range shown. Ranges are not necessarily indicative of the associated starting pay range in other locations. Full-time employees are also eligible for Modern Health's equity program and incredible benefits package. See our Careers page for more information.

Depending on the scope of the role, some ranges are indicative of On Target Earnings (OTE) and includes both base pay and commission at 100% achievement of established targets.

Zone 1

$119,300-$140,400 USD

Zone 2

$119,300-$140,400 USD

Zone 3

$107,370-$126,360 USD

Zone 4

$101,405-$119,340 USD

Below, we are asking you to complete identity information for the Equal Employment Opportunity Commission (EEOC). While we are required by law to ask these questions in the format provided by the EEOC, at Modern Health we know that gender is not binary, and we recognize that these categories do not reflect our employees' full range of identities.