Product Security Engineer

The Role

The Product Security team at Cedar combines software development with deep application security expertise in order to help build our patient-focused solutions efficiently and safely. As a Product Security Engineer at Cedar, you will work with an inquisitive, diverse, and experienced team on a platform that is rapidly scaling. You’ll help solve problems that matter, affecting tens of millions of patients annually.

Our core tenets include using good judgment and having the autonomy to be successful. Your role will be to build secure, supportable secure paths for other engineers to follow and help accelerate Cedar Engineering’s mission. Whether it’s an improvement on single sign on experience, a smoother UI for credential management, or multi-tenant encrypted vault solutions, Cedar Product Security Engineers build the security tools others need to do their work more safely and more efficiently. 

At Cedar, we don’t require experience with particular languages, but deep familiarity with modern and industry-standard technologies, like Python, Go, and Kotlin are a plus.

About You

• You’re an application security engineer who prioritizes addressing security challenges with technology, not process
• You love building services and tools that help product and platform engineers build, deploy, and maintain products that help hundreds of millions of people
• You have experience with security code review, threat modeling or security architecture reviews.
• You’re proficient in Python, Go, or Kotlin

Bonus Points if you have

• Familiarity with HIPAA, PCI, and the unique considerations around securing health and payments data
• Experience creating developer focused security tooling or libraries
• Participation in security capture-the-flag events

Responsibilities

• Create and extend services and tools that help product and platform engineers build, deploy, and maintain Cedar products safely and efficiently.
• Serve as a Security Partner for multiple engineering teams across the SSDLC, evangelizing security and helping threat model features, bake security into designs, and review code and implementations
• Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory

What do we offer to the ideal candidate?

• A chance to improve the U.S. healthcare system at a fast-moving company! Our leading healthcare financial platform is scaling rapidly, helping millions of patients per year
• Flexibility to work from home or in the office, depending on what works best for you
• Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of vacation per year to ensure dedicated time to spend with loved ones, explore, rest and recharge
• 16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work
• Diversity initiatives that encourage Cedarians to bring their whole selves to work, including three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians) 
• Competitive pay, equity (for qualifying roles) and health benefits that start on your first day
• 401k plan with 3% employer non-election contribution
• Access to hands-on mentorship, employee and management coaching, and a stipend for learning and development resources to help you grow both professionally and personally

Compensation Range and Benefits

• Salary: $157,250 - $198,875 
• This role is equity eligible 
• This role offers a competitive benefits and wellness package

*Subject to location, experience, and education

#LI-REMOTE