Senior Security Engineer
Hims & Hers Health, Inc. (better known as Hims & Hers) is a multi-specialty telehealth platform building a virtual front door to the healthcare system. We connect consumers to licensed healthcare professionals, enabling people to access high-quality medical care—from wherever is most convenient—for numerous conditions related to sexual health, hair care, mental health, skincare, primary care, and more.
With products and services available across all 50 states and Washington, D.C., Hims & Hers is on a mission to help the world feel great through the power of better health. We believe how you feel in your body and mind transforms how you show up in life. That’s why we’re building a future where nothing stands in the way of harnessing this power. We normalize health & wellness challenges—and innovate on their solutions—to make feeling happy and healthy easy to achieve. No two people are the same, so we provide access to personalized care designed for results. At our core, our mission is deeply personal—because we too are customers.
In January 2021, the company was listed on the NYSE and is traded under the ticker symbol “HIMS”. To learn more about our brand and offerings, you can visit forhims.com and forhers.com.
About the Role:
As a Senior Security Engineer, you will be a thought leader as part of the Security Team focused on helping design, implement and mature innovative and cutting edge security capabilities. The Security Engineer champions secure by design and defense in-depth principles into our initiatives, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs and is expected to help solve a wide range of security challenges. The Security Engineer is part of a highly collaborative security program and an engineering culture driven technology organization.
You Will:
- Develop and promote security architecture and design strategies, frameworks and patterns while collaborating closely with engineering, and product organization
- Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure adoption of industry best practices
- Ensure information security and regulatory requirements are effectively integrated into new or improved systems
- Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity and access management, and data security
- Establish credibility among technology experts as the subject matter expert across security disciplines
- Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
- Analyze technical risks of existing systems and application against correlating policies and risks, and provides appropriate remediation or risk reduction plans
- Define, publish, and implement Security Standards / Frameworks
- Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
- Establish security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
- Mentor and guide engineering teams on security best practices
- Collaborate with teams to provide a secure environment for our customers through secure SDLC and secure cloud adoption.
- Threat modeling, end-to-end security evaluation
You Have:
- Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience preferred
- 10+ years of relevant technical experience
- 5+ years of experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
- Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred.
- Experience with Java/Kotlin, JavaScript, Python, and modern development and delivery techniques
- Strong knowledge of authentication and authorization industry standards such as, SAML, OpenID, OAuth2
- Prior experience in healthcare industry including strong understanding of HIPAA Privacy and Security Rule preferred
Our Benefits (there are more but here are some highlights):
- Employee Stock Purchase Program
- An inclusive culture where we are always looking for improvement and cherish your input
- Great compensation package, including equity
- Unlimited PTO (10 holidays off), Mental Health days (1 day off per quarter)
- Generous Parental Leave
- High-coverage medical, dental & vision
- Mental health & wellness benefits
- Offsite team retreats
- Access to Amazon HIMS Store to order any additional equipment to ensure you have the gear you need
- Employee discounts on hims & hers & Apostrophe online products, and at the Apple Store
- $75 monthly connectivity stipend (phone/internet)
- 401k Match
We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.
Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.
#LI-Remote