Product Security Engineer

Modern Health is a mental health benefits platform for employers offering one-on-one, group, and self-serve digital resources for emotional, professional, social, financial, and physical well-being. Backed by top investors and fastest female-founded US unicorn.

Culture Highlights

• "It Takes a Village" culture centered on empathy and accountability with a drive to win.
• Obsession to win with ambition and passion for excellence and innovation.
• Accountability and reliance on each other with transparent communication and feedback.
• Empathy fostering a supportive, diverse, collaborative environment.
• Bias towards action in a fast-paced environment empowering decision-making.

The Role

Maintaining the security and privacy of our users is paramount to Modern Health’s mission. As a member of the security team you will have organization-wide visibility to continuously support and monitor our commitment to privacy, security, and compliance. This is a unique opportunity to use your engineering and security skills to make a direct impact in people's lives. We need a security engineer who can pick up and understand complex technical areas quickly, mitigate risk by increasing automation in security domains, and work with other engineers to securely release and maintain software, infrastructure, and an information security management system (ISMS), while always working to increase our security and compliance posture. This role will be part of the Product Security (ProdSec) team reporting to the Head of Security. It can be based anywhere in the United States except Hawaii. Don’t have direct security experience but are a passionate developer or Software engineer with AWS experience that is interested in Security? Please apply!

What You’ll Do

• Analyze security vulnerabilities in web/mobile applications; drive remediations with engineering teams.
• Research product threats, emerging vulnerabilities & mitigation techniques relevant to health tech landscape.
• Partner with Engineering/Product teams to integrate security into SDLC; champion secure development practices.
• Develop cost-effective solutions for complex application/product security challenges.
• Implement product security standards influencing engineering/architecture decisions.
• Test/audit/assess security posture of applications & cloud infrastructure configurations.
• Guide engineering teams on secure coding standards; provide resources & feedback.
• Deploy/manage security tools like SAST, DAST, Hashicorp Vault etc.
• Participate in threat modeling for new features/services proactively reducing risk.
• Conduct secure code reviews on modern frameworks/technologies.
• Assist planning/executing penetration tests on new features pre-production release.
• Collaborate on IT security initiatives with infrastructure/operations teams (device management/endpoints).
• Engage with Cloud Security efforts partnering with DevOps/Infrastructure teams.

Candidate Profile

• Passionate & confident team member taking ownership of work.
• Deep familiarity with secure software development practices & security-focused architecture/infrastructure aligned with business needs.
• Support adoption of application/product security best practices across engineering teams; contribute business-wide initiatives.
• Hands-on experience with vulnerability management, secure code review & threat modeling using industry-standard tools.
• Experience with at least one scripting language (Python/Bash preferred).
• Thrives in fast-paced collaborative environments working closely with developers/product managers/stakeholders securing web/mobile apps.
• Able to assess/prioritize/execute projects independently; comfortable in fast-paced environment.
• Excellent written/verbal communication skills.

Experience Level

Product/application security experience: 2–4 years

Security-focused software engineering experience: 1–3 years

Additional Experience: Integrating security into agile product delivery (preferred)

Technology Stack

• AWS: ECS & cloud hosting
• Gitlab: CI/CD pipelines
• Python frameworks: Django, Flask & aiohttp
• Databases: PostgreSQL & Redis
• Monitoring: Datadog & Sentry
• Infrastructure as Code: Terraform & Packer

Bonus Points For Experience In:

• High growth startup environments
• SaaS software development
• Health Tech industry knowledge
• Software engineering best practices

Benefits:

Fundamentals:

• Medical / Dental / Vision / Disability / Life Insurance coverage
• High Deductible Health Plan with HSA option
• Flexible Spending Account (FSA)
• Access to coaches & therapists through Modern Health's platform
• Flexible Time Off
• Company-wide Collective Pause Days

Family Support:

• Parental Leave Policy
• Family Forming Benefit through Carrot
• Family Assistance Benefit through UrbanSitter

Professional Development:

• Professional Development Stipend

Financial Wellness:

• 401k plan
• Financial Planning Benefit through Origin

'tBut Wait There’s More':

• Annual Wellness Stipend for overall well-being items
• New Hire Stipend for work-from-home setup costs
• ModSquad Community virtual events including ERGs & team-building activities
• Monthly Cell Phone Reimbursement

Salary Information:

Note Compensation depends on qualifications/skills/experience; ranges are starting annual pay for remote US locations by zones: Zone 1 (San Francisco Bay Area/New York City Metro): $119.3k-$140.4k USD/year, zones 2–4 range from approximately $101k-$140k USD/year depending on location, ranges may include On Target Earnings (OTE) including base pay + commission, and full-time employees are eligible for equity program & benefits package, ranges may vary based on candidate qualifications, salary range inferred as over_120k USD annually based on role seniority/location.