Sr. Product Security Engineer
Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S.
Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with its consumers in a “one-size-fits-all” approach; and Cedar is excited to leverage consumer best practices to deliver a superior experience.
U.S. healthcare is frustrating and deeply flawed. Cedar’s mission is to drive better outcomes for everyone involved, including providers, insurance companies and the people they serve. At a time when consumer-friendly healthcare experiences are more critical than ever, our platform is uniquely equipped to solve problems that lead to billing issues and administrative waste.
The Product Security team at Cedar combines deep application security expertise with software development in order to help build our patient-focused solutions efficiently and safely. As a Product Security Engineer at Cedar, you will work with an inquisitive, diverse, and experienced team on a platform that is rapidly scaling. You’ll help solve problems that matter, affecting tens of millions of patients annually.
Our core tenets include using good judgment and having the autonomy to be successful. Your role will be to assess risk across the company and make decisions about the risk we should prioritize. On an average day you might participate in a security-focused design review, write code to create new security tooling, or create educational materials to improve security awareness across the company. At Cedar, we don’t require experience with particular languages, but deep familiarity with modern and industry-standard technologies in our tech stack is always a plus.
- You’re an application security engineer who prioritizes addressing security challenges with technology, not process
- You have a demonstrated history of enabling software developers with usable tools and actionable security guidance
- You’re comfortable communicating security risks and controls to technical and non-technical partners
- You have deep experience with security code review, threat modeling or security architecture reviews, developing high-signal low-noise security automation
- You have a working proficiency with a general-purpose programming language (ideally Python)
Bonus Points if you have
- Familiarity with HIPAA, PCI, and the unique considerations around securing health and payments data
- Build services and tools that help product and platform engineers build, deploy, and maintain Cedar products safely and efficiently.
- Develop guardrails for software designs that improve security and time to deliver.
- Serve as the designated Security Partner for multiple engineering teams across the SSDLC, evangelizing security and helping threat model projects, bake security into designs, and review code and implementations
- Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory
Applicants must be currently authorized to work in the United States on a full-time basis.
Compensation Range and Benefits
- Salary/Hourly Rate Range*: $178,500 - $210,000
- This role is equity eligible
- This role offers a competitive benefits and wellness package
*Subject to location, experience, and education
What do we offer to the ideal candidate?
- A chance to improve the U.S. healthcare system at a high-growth company! Our leading healthcare financial platform is scaling rapidly, helping millions of patients per year
- Unless stated otherwise, most roles have flexibility to work from home or in the office, depending on what works best for you
- For exempt employees: Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of PTO per year to ensure dedicated time to spend with loved ones, explore, rest and recharge
- 16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work
- Diversity initiatives that encourage Cedarians to bring their whole selves to work, including the Cedarian Advisory Group (a cross-functional cohort focused on increasing internal inclusiveness at Cedar) and three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians)
- Competitive pay, equity (for qualifying roles) and health benefits that start on the first of the month following your start date (or on your start date if your start date coincides with the first of the month)
- Cedar matches 100% of your 401(k) contributions, up to 3% of your annual compensation
- Access to hands-on mentorship, employee and management coaching, and a team discretionary budget for learning and development resources to help you grow both professionally and personally
Cedar was co-founded by Florian Otto and Arel Lidow in 2016 after a negative medical billing experience inspired them to help improve our healthcare system. With a commitment to solving billing and patient experience issues, Cedar has become a leading healthcare technology company fueled by remarkable growth. Over the past several years, we’ve raised more than $350 million in funding from investors such as Andreessen Horowitz and Tiger Global, bringing Cedar’s valuation to $3.2 billion.
As of December 2022, Cedar is engaging with 20 million patients on an annualized basis, and is on target to process $2.7 billion in patient payments annually. Cedar’s ambition is to serve 50-60 million Americans by 2025, about half of the U.S. population that makes medical payments annually. Cedar partners with more than 55 leading healthcare providers and payers including Highmark Inc., Allegheny Health Network, Summit Health, Novant Health, Allina Health and Providence.