Senior Manager, Security Engineering

Responsibilities:

• Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams, fostering a culture of engineering excellence and proactive security ownership.
• Define and execute the application security roadmap, directly contributing to our top priority of preventing PHI exposure.
• Serve as a technical leader and mentor, guiding the team's architectural decisions and fostering engineering excellence in languages like Go and Python.
• Evolve our secure SDLC through the strategic implementation of SAST, DAST, and SCA tooling, focusing on actionable results and a positive developer experience.
• Champion and guide the strategy for modern access control, including Just-In-Time (JIT) access and other least-privilege initiatives, in partnership with the Cloud Security team.
• Oversee key security programs including threat modeling, bug bounty, penetration testing, and vulnerability management.
• Partner with engineering and product leaders to ensure security and privacy are designed into our products from the very beginning.

Qualifications:

• 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams.
• A strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred).
• Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python), with the ability to perform meaningful code reviews and guide technical architecture.
• Demonstrated success leading vulnerability management programs, from detection through remediation and verification.
• Deep experience with the tools and processes used to secure the SDLC, including SAST, DAST, SCA, and CI/CD pipeline integration.
• Proven ability to run effective threat modeling exercises for complex applications and services.
• Excellent communication skills, with the ability to articulate complex security risks and strategies to both technical and executive audiences.
• Experience securing platforms in a regulated healthcare environment and deep familiarity with HIPAA and HITRUST controls.
• Background in running external-facing security programs like bug bounty, responsible disclosure, or customer security reviews.
• Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform, and an understanding of how they influence application security.
• Experience navigating compliance frameworks beyond healthcare, such as ISO 27001 or SOC 2.

Physical/Cognitive Requirements:

• Capability to remain seated in a stationary position for prolonged periods.
• Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
• Capability to work with leadership, employees, and members in an appropriate manner.