Staff Security Engineer

Modern Health • Remote - US • 15h ago

The Role

Maintaining the security and privacy of our users is paramount to Modern Health’s mission. As a Staff Security Engineer, you will operate as a key technical leader, responsible for setting the long-term security vision and strategic direction for our product and cloud environments. You will tackle the most complex, ambiguous security challenges, acting as a force multiplier across the entire engineering organization to ensure our commitment to privacy, security, and compliance remains world-class.

This is a unique opportunity to leverage deep engineering expertise and security domain knowledge to make a direct and massive impact in people's lives. We need a security leader who can mitigate systemic risk by increasing automation, defining secure architectural patterns, and embedding security principles across all product teams.

This role will be part of the Product Security (ProdSec) team, report to the Head of Security, and can be based anywhere in the United States. This is a unique opportunity to be a security leader at a fast growing company, and the work done by this position will lay the foundation for security at Modern Health for years to come!

This position is not eligible to be performed in Hawaii.

What You’ll Do

Define and drive the strategic roadmap for proactive security vulnerability analysis in web and mobile applications, setting the organizational standard for risk determination and leading complex, company-wide remediations.
Establish the technical vision and program for integrating robust security controls at every stage of the Software Development Life Cycle (SDLC), championing secure development practices and scalable agile delivery.
Architect, deploy, and manage defensive security tooling (e.g., SAST, DAST, SCA) and evaluate new industry-leading application security solutions to create a robust, automated security platform.
Lead the maturation of the Product and Application Security Program by developing and implementing security policies, standards, and metrics to continually raise the security bar and demonstrate compliance.
Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services, ensuring proactive risk identification and structural security improvement.
Act as a force multiplier across the organization, actively mentoring engineers and driving the adoption of secure coding standards, best practices, and security-focused architecture.
Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations, focusing on automation and continuous compliance.
Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations.
Develop and advocate for cost-effective, scalable, and complex solutions to address application and product security challenges across the business.

Who You Are

You are a passionate technical leader with a deep sense of ownership who drives large-scale, cross-functional projects to completion.
You are an expert in secure software development practices, security-focused architecture, and infrastructure that aligns with product objectives and business needs.
You drive the adoption of application and product security best practices across engineering teams and influence business-wide security initiatives.
You have extensive hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard tools for application and product security.
You have hands-on experience with at least one scripting language (Python and/or Bash preferred).
You thrive in fast-paced, collaborative environments, working closely with developers, product managers, and cross-functional stakeholders to secure web and mobile applications.
You are able to assess, prioritize, and execute on ambiguous and complex projects independently.
You bring 8+ years of progressive experience in product/application security or a related security-focused engineering field.
You have demonstrated experience guiding teams and integrating security into agile product delivery.
You have excellent written and verbal communication skills, capable of articulating technical risk to both engineering and executive audiences.

Bonus Points

Working at a high growth startup
Working on SaaS software
Working in Health Tech
Software engineering experience

Our Stack

AWS: ECS and cloud hosting
Gitlab: CI/CD
Python: Django, Flask, aiohttp
Data: PostgreSQL, Redis
Monitoring: Datadog and Sentry
IaC: Terraform, Packer

Benefits

Fundamentals:

Medical / Dental / Vision / Disability / Life Insurance
High Deductible Health Plan with Health Savings Account (HSA) option
Flexible Spending Account (FSA)
Access to coaches and therapists through Modern Health's platform
Generous Time Off
Company-wide Collective Pause Days

Family Support:

Parental Leave Policy
Family Forming Benefit through Carrot
Family Assistance Benefit through UrbanSitter

Professional Development:

Professional Development Stipend

Financial Wellness:

401k
Financial Planning Benefit through Origin

But wait there’s more…!

Annual Wellness Stipend to use on items that promote your overall well being
New Hire Stipend to help cover work-from-home setup costs
ModSquad Community: Virtual events like active ERGs, holiday themed activities, team-building events and more
Monthly Cell Phone Reimbursement