Senior Security Engineer, Product Security

Senior Security Engineer, Product Security

We are looking for a dedicated Security Engineer to join our growing team here at Thirty Madison! This Cloud Security Engineer will be working alongside an existing team of experienced security engineers and partnering closely with technologists across the company to help build the future of digital health security and protect our patients! We serve our patients from end to end, and security works the same way, all the way from the deepest infrastructure to the patient experience, we want our patients to be safer by being with Thirty Madison. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions.

Comp | Perks | Benefits

• The base pay range for this position is 148,720 - 204,490 per year.**
• Competitive Salary + Annual Incentive Plan + Stock Option Package
• Robust and affordable Health, Dental, and Vision plan options
• 401k with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy
• Career growth opportunities

** Within the range, individual compensation will be determined through a wide variety of factors including but not limited to education, experience, knowledge, and skills. Please note that the compensation range listed reflects the base salary only, and does not include incentive target, equity, or benefits.”

What you get to do every day

• Foster and enable a secure by default culture. Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes.
• Partner with the company’s Product team, Software Engineering team, DevOps, and Services teams to help deliver secure products and services for our patients and doctors.
• Perform security risk assessments, adhoc penetration security testing, threat modeling, and develop/conduct education on secure coding.
• Manually review the source code to get a deep understanding of our products.
• Develop security requirements, collaborate with teams to enable these requirements for building secure applications and services.
• Design solutions and processes to identify, resolve and mitigate security vulnerabilities and risks.
• Research threats and attack vectors that impact Thirty Madison’s applications and infrastructure.

What you bring to the role

• Strong ability to practically prioritize based on security risks than vulnerabilities.
• Ability to work with product managers and product teams and service teams rather than just engineers. The individual should deeply care about the products and their functionality.
• Person who can drive a product security roadmap with collaboration with other teams.
• Experience with microservice architectures, preferred experience with EKS.
• Someone who is not just talking about SAST, DAST, SBOM tooling but has been in scenarios that requires rolling up the sleeves and getting to know the code and can come up with a deep understanding of our source code.
• They must have an ability to code to automate tedious tasks.
• Needs to be able to code, build frameworks, or services that solve security challenges in our products.
• Strong collaboration skills with the wider security team and engineering at Thirty Madison

About Thirty Madison 

Thirty Madison is a family of specialized healthcare brands devoted to creating exceptional outcomes for all. Each of its specialized brands is focused on a specific ongoing condition, and thoughtfully designed to support the unique needs of its community with personalized treatments and care; with Keeps for men's hair loss, Cove for migraine, Picnic for allergies, Facet for skin conditions, and NURX for sexual health. With empathy at the heart of its innovation, its proprietary care model empowers hundreds of thousands of people with ongoing conditions with the accessible, effective treatments across a lifetime of care. In just four years, we’ve built a number of brands and are continuing to grow rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, Northzone, among others.

We are honored to become Great Place to Work certified and be included on BuiltIn's 2021 list of Best Places To Work in New York City, and Best Midsize Companies To Work For. We've also been recognized by Forbes' Best Startup Employers, being named as one of America's Best Places to Work 2022. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day. Learn more at ThirtyMadison.com. 

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Thirty Madison we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Contact us at recruiting@thirtymadison.com to request accommodation.

How we are managing through the COVID pandemic and its impact on our team?

These are unprecedented times and we understand COVID-19 is impacting everyone differently. Our primary goal from the beginning of the pandemic has been to ensure employee safety. We went from optional to mandatory work-from-home very quickly in early March, and we have told employees that they can work remotely to allow them to plan accordingly. 

We have also rolled out several initiatives to help our team successfully navigate the uncertainty associated with COVID-19. These initiatives have included providing funds for home office improvements, medical reimbursements, free meditation/mindfulness tools, mandatory “Me Days” away from work, company-wide Refresh days off, and fun opportunities to connect live with teammates each week (such as virtual escape rooms). We continue to examine different benefits, tools, and processes that best support our employees as we continue to work remotely and eventually begin transitioning back to the office.

*Please be aware that there are fraudulent entities who are claiming to be affiliated with Thirty Madison in order to trick job seekers into divulging personal information or making payments based on false representations while impersonating Thirty Madison. These entities solicit money and personal information under the guise of offering you a position with Thirty Madison. The scammers use many methods to perpetuate these scams, including using Thirty Madison’s trademarks on their correspondence to potential victims. Thirty Madison takes the safety and integrity of those seeking employment with us very seriously and we work cooperatively with our legal team, security department and local authorities to address this issue. If you receive a job offer that claims to be from Thirty Madison, please take steps to confirm that it is legitimate by reviewing the offer carefully and contacting Thirty Madison directly if you have any concerns at all. Please note that Thirty Madison will never ask you for bank account or credit card information, and Thirty Madison will not charge you money to apply for a job with Thirty Madison.*

*This employer participates in E-Verify and will provide the federal government with your I-9 Form information to confirm that you are authorized to work in the U.S.*