Principal Security Engineer II

Remote, US

Thirty Madison

Thirty Madison is a human-first healthcare company, powering access to affordable specialized healthcare through brands like Keeps and Cove.

The Role

Thirty Madison, Inc. in New York, NY is seeking a Principal Security Engineer II to design technical solutions and processes to identify, resolve, and mitigate security vulnerabilities and risks. Job responsibilities and duties include: Research threats and attack vectors that impact the company’s applications and infrastructures. Devise and bolster defense-in-depth through secure-by-default frameworks, architectures, and processes. Mentor and share security and privacy best practices with all parts of the organization. Utilize an automation- and development-based approach to develop security controls. Provide threat modeling abilities for security risks. Develop security control strategies, iterative design, and have product ownership for assigned deliverables. Work with a range of stakeholders, including Engineers, Doctors, and other Partners. Utilize modern cloud deployment technologies to develop security infrastructure. Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers. Perform risk assessments and execute tests of data processing systems to ensure functioning of data processing activities and security measures. Provide technical architecture and leadership to develop security control strategies, iterative design, and product ownership. Modify computer security files to incorporate new software, correct errors, or change individual access status. Perform threat modeling for security risks. This position will manage at least two Security Engineers, and will hold project and personnel management authority. No travel. Work from home benefit is offered for this position.


Requires a Master’s degree in Computer Science, Computer Engineering, Software Engineering, or any related IT field of study, plus at least three (3) years of experience in the job offered or any related positions. Qualified applicants must also have demonstrable proficiency, skill, experience, and knowledge with the following: Modern cloud deployment technologies, including AWS and Kubernetes. Utilizing at least one of the following modern web frameworks: Ruby on Rails, Python, Django, or Node/Express. MS SQL and MySQL. Pentesting / Static Analysis Tools, including at least one of the following: Burp Suite, IBM Appscan, Standard/Source Edition, Fiddler, HP Swf Scanner, Nessus, Nexpose, Metasploit, Kali, OWASP ZAP. Utilizing at least one of the following programming and scripting languages: C#, JAVA, SQL, Unix Shell Scripting, Python, JavaScript, Golang. No travel. Work from home benefit is offered for this position.

Benefits for full-time Thirty Madison employees:

  • Competitive salary packages and career development opportunities
  • 100% coverage on many health, dental, and vision insurance plans
  • 401k with a match, commuter benefits, and FSA
  • Budget for the technology tools you need — whether it’s a laptop, monitor, or special software
  • Annual $750 vacation stipend and $750 wellness allowance

*Contractors and temps are not eligible for benefits.

About Thirty Madison 

Thirty Madison is building the premier healthcare company for people with chronic health issues. Through our novel approach to care delivery, powered by our proprietary platform and brands built around specific chronic conditions, we combine the best of specialist-level healthcare with the convenience of telemedicine.

In just four years, we’ve built a number of brands on top of our platform: Keeps (for men’s hair loss), Cove (for migraine), Evens (for GI conditions), Picnic (for allergies), Facet (for skin), and Nurx (for women's sexual and reproductive health). We’re growing rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, Northzone, among others.

We are honored to become Great Place to Work certified and be included on BuiltIn's 2021 list of Best Places To Work in New York City, and Best Midsize Companies To Work For. We've also been recognized by Forbes' Best Startup Employers, being named as one of America's Best Places to Work 2022. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day.

At this time, Thirty Madison is fully remote (excluding Pharmacy roles) and operates in the following states: Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, New Jersey, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington, Washington D.C., Wisconsin.

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Thirty Madison we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Contact us at to request accommodation.

How are we managing through the COVID pandemic and its impact on our team?

These are unprecedented times and we understand COVID-19 is impacting everyone differently. Our primary goal from the beginning of the pandemic has been to ensure employee safety. We went from optional to mandatory work-from-home very quickly in early March, and we have told employees that they can work remotely to allow them to plan accordingly. 

We have also rolled out several initiatives to help our team successfully navigate the uncertainty associated with COVID-19. These initiatives have included providing funds for home office improvements, medical reimbursements, free meditation/mindfulness tools, mandatory “Me Days” away from work, company-wide Refresh days off, and fun opportunities to connect live with teammates each week (such as virtual escape rooms). We continue to examine different benefits, tools, and processes that best support our employees as we continue to work remotely and eventually begin transitioning back to the office.

*Please be aware that there are fraudulent entities who are claiming to be affiliated with Thirty Madison in order to trick job seekers into divulging personal information or making payments based on false representations while impersonating Thirty Madison. These entities solicit money and personal information under the guise of offering you a position with Thirty Madison. The scammers use many methods to perpetuate these scams, including using Thirty Madison’s trademarks on their correspondence to potential victims. Thirty Madison takes the safety and integrity of those seeking employment with us very seriously and we work cooperatively with our legal team, security department and local authorities to address this issue. If you receive a job offer that claims to be from Thirty Madison, please take steps to confirm that it is legitimate by reviewing the offer carefully and contacting Thirty Madison directly if you have any concerns at all. Please note that Thirty Madison will never ask you for bank account or credit card information, and Thirty Madison will not charge you money to apply for a job with Thirty Madison.*

*This employer participates in E-Verify and will provide the federal government with your I-9 Form information to confirm that you are authorized to work in the U.S.*

Tags: Automation AWS Burp Suite C Cloud Computer Science Django Firewalls Golang Java JavaScript Kali Kubernetes Metasploit MSSQL MySQL Nessus OWASP Pentesting Privacy Python Ruby Scripting SQL UNIX Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Gear Health care Home office stipend Startup environment Team events Travel Wellness

Regions: Remote/Anywhere North America
Country: United States