Senior Security Engineer
About Hims & Hers:
Hims & Hers Health, Inc. (better known as Hims & Hers) is a multi-specialty telehealth platform building a virtual front door to the healthcare system. Hims & Hers connects consumers to licensed healthcare professionals, enabling people to access high-quality medical care—from wherever is most convenient—for numerous conditions related to primary care, mental health, sexual health, skincare, and more. Launched in November 2017, the platform also offers thoughtfully created and curated health and wellness products. With products and services available across all 50 states and Washington, D.C., Hims & Hers’ mission is to make it easier for all Americans to access affordable care and treatment for conditions that impact their daily lives. In January 2021, the company was listed on the NYSE at an initial valuation of $1.6 billion and is traded under the ticker symbol “HIMS”. To learn more about our brand and offerings, you can visit forhims.com and forhers.com.
The Senior Security Engineer will be focused on securing the enterprise by conducting application penetration testing on the organization's application portfolio, and by partnering with the Application Development organization to remediate vulnerability findings. This role will also directly manage and support the security scanning tooling and process.
You Will:
- Perform and/or coordinate penetration testing, including but not limited to web application and mobile
- Support vulnerability management, vulnerability disclosure, and the bug bounty program
- Perform dynamic and static application security testing using both manual and automated testing tools
- Manage and support the security scanning tooling and process in partnership with the DevSecOps team
- Identify and validate false positives from automated / manual testing reports as part of SDLC and partner with engineers to ensure vulnerabilities are prioritized and addressed in a timely fashion
- Provide technical support and expert knowledge to help engineers in addressing identified security issues
- Contribute to and enhance the vulnerability management program
- Participate in conducting security research on threats and remediation techniques
- Define security requirements and make recommendations to the technology teams as part of governance during significant changes to applications and architecture
- Support the operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the information security department's operations
- Maintain awareness of the latest and common security threats
- Influence and work with stakeholders at all levels of the organization
- Mentor more junior members of the team and contribute to the development of security training curriculum for engineers
- Serve as a member of Security Operations Center and Incident Response Team
- Threat modeling, end-to-end security evaluation
You Have:
- 8+ years of relevant technology experience
- 6+ years of information security applications and systems experience
- 5+ years of experience with manual information security penetration testing tools, topics, and techniques
- 1+ years of mobile (Android/iOS) penetration testing experience
- Must be well versed with OWASP Top 10 vulnerabilities
- Certifications such as GIAC (GWAPT, GPEN, GCPN), Offensive Security Certified Professional (OSCP) and AWS are preferred
Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.