Staff Security Engineer

Remote (US)

Foodsmart

With the largest national network of registered dietitians, we've helped over 1.5 million members improve their health with personalized nutrition guidance from the comfort of their own home.

About us:

We are the world’s largest telenutrition and foodcare solution, backed by a national network of Registered Dietitians and designed to yield consistently healthier food choices, lasting behavior change and long-term results. Foodsmart’s highly personalized, digital platform guides members through a personalized journey to eating well while saving them time and money. Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the whole family that makes the most of ingredients at home and on the go. With national and regional retail partners across the US now accepting SNAP/EBT, Foodsmart helps bring healthier food within reach to eligible members and can also assist with SNAP enrollment.
Founded in 2010 by CEO Jason Langheier, MD, MPH, Foodsmart has supported over 1.5 million members from over 700 health plan, employer and health system clients, and raised over $70 million in funding from leading strategic and venture investors like Advocate Aurora Health, Blue Cross Blue Shield Massachusetts, Seventure (Natixis), Mayfield and Founder Collective.
Learn more at www.foodsmart.com

About the role:

We are seeking a highly experienced and versatile Staff Security Engineer to lead our security efforts. This role is critical to our mission, ensuring the protection of sensitive health data and maintaining the trust of our clients. As part of a small, dynamic team, you will have the opportunity to take on multiple roles, from strategic planning to hands-on implementation. The Staff Security Engineer will play a key role in maintaining the overall security posture of the company and will report directly to the Chief Architect.

You will:

  • Design and build a comprehensive security program that aligns with industry standards and regulations specific to digital health and data protection (e.g., HIPAA, GDPR).
  • Conduct regular security assessments, risk analyses, and penetration testing to identify vulnerabilities. Develop and implement risk mitigation strategies.
  • Lead the response to any security incidents, including investigation, mitigation, and reporting. Develop and maintain an incident response plan.
  • Ensure that all systems, policies, and procedures meet or exceed regulatory and compliance requirements. Stay updated with changes in laws and regulations affecting digital health security.
  • Work closely with the development, operations, and product teams to integrate security practices into the software development lifecycle and operational processes.
  • Develop strong partnerships with client management, business clients, application developers, software vendors, and other technical resources, including but not limited to legal, compliance, and privacy.
  • Maintain close relationships with the business to understand its strategy, processes, plans, and needs, and help influence planning by advising on best practices and innovation/technology enablement opportunities.
  • Promote a culture of security awareness within the company by providing training and resources to team members.

You are:

  • Proactive in addressing security challenges with technology, not just process, and have a demonstrated history of enabling software developers with usable tools and actionable security guidance.
  • Comfortable communicating security risks and controls to both technical and non-technical partners.
  • Experienced in security code review, threat modeling, security architecture reviews, and developing high-signal low-noise security automation.
  • Enthusiastic about working to improve all aspects of the Software Development Life Cycle and working with product managers to create a secure and delightful experience for our customers.
  • Excellent at working effectively with business partners, customers, brokers, third-party suppliers/partners, and systems resources at all levels.
  • Proficient in delivering effective, high-quality solutions in a timely manner, adept at balancing shifting priorities and managing accelerated timelines when necessary.

You have:

  • At least 8 years of experience in information security, with a proven track record in developing and managing security programs. Experience working in multiple startups is highly desirable.
  • Deep understanding of security principles, frameworks, and standards (e.g., ISO 27001, NIST, CIS Controls). Experience with cloud security, application security, and network security.
  • Relevant security certifications (e.g., CISSP, CISM, CEH) are preferred.
  • Strong analytical and problem-solving skills. Excellent communication and leadership abilities. Ability to work independently and as part of a team in a fast-paced environment.
  • Excellent written and verbal communication skills, with the ability to interact effectively with internal and external stakeholders.
  • Comfortable taking on multiple roles and responsibilities. Agile and able to pivot according to the evolving needs of the company.
  • A strong commitment to privacy and data protection, particularly within the digital health space.

About our benefits and perks:

  • Remote-First Company
  • Unlimited PTO
  • Healthcare Coverage (Medical, Dental, Vision)
  • 401k, bonus, & stock options
  • Gym reimbursement

Foodsmart is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other protected class.

Tags: Agile Application security Automation CEH CISM CISSP Cloud Compliance GDPR HIPAA Incident response ISO 27001 Network security NIST Pentesting Privacy SDLC Security assessment Strategy Vulnerabilities

Perks/benefits: 401(k) matching Health care

Region: Remote/Anywhere