Principal Security Engineer - hims & hers San Francisco, California, United States Bookmark Share Print 283 0 0

Listing Description

About Hims & Hers:


Hims & Hers Health, Inc. (better known as Hims & Hers) is a multi-specialty telehealth platform building a virtual front door to the healthcare system. Hims & Hers connects consumers to licensed healthcare professionals, enabling people to access high-quality medical care—from wherever is most convenient—for numerous conditions related to primary care, mental health, sexual health, skincare, and more. Launched in November 2017, the platform also offers thoughtfully created and curated health and wellness products. With products and services available across all 50 states and Washington, D.C., Hims & Hers' mission is to make it easier for all Americans to access affordable care and treatment for conditions that impact their daily lives. In January 2021, we were listed on the NYSE at an initial valuation of $1.6 billion and is traded under the ticker symbol "HIMS". To learn more about our brand and offerings, you can visit forhims.com and forhers.com.


As a Principal Security Engineer, you will be a thought leader as part of the Security Team focused on helping design, implement and mature innovative and cutting edge security capabilities. The Security Architect champions secure by design and defense in-depth principles into our initiatives, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs and is expected to help solve a wide range of security challenges. The Security Architecture is part of a highly collaborative security program and an engineering culture driven technology organization.


You Will:



  • Develop and promote security architecture and design strategies, frameworks and patterns while collaborating closely with engineering, and product organization

  • Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure adoption of industry best practices

  • Ensure information security and regulatory requirements are effectively integrated into new or improved systems

  • Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity and access management, and data security

  • Establish credibility among technology experts as the subject matter expert across security disciplines

  • Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely

  • Analyze technical risks of existing systems and application against correlating policies and risks, and provides appropriate remediation or risk reduction plans

  • Define, publish, and implement Security Standards / Frameworks

  • Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives

  • Establish security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.

  • Mentor and guide engineering teams on security best practices

  • Serve as a champion for secure SDLC and secure cloud adoption

  • Threat modeling, end-to-end security evaluation


You Have:



  • Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience

  • 10+ years of relevant technical experience

  • 8+ years of security experience.

  • 5+ years of experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment

  • Prior experience in healthcare industry including strong understanding of HIPAA Privacy and Security Rule preferred

  • Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred

  • Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP) and modern development and delivery techniques

  • Strong knowledge of authentication and authorization industry standards such as, SAML, OpenID, OAuth2

  • CISSP, CCSP,  and AWS Cloud certification desirable

  • Familiarity with infrastructure as code tools (Terraform, etc.)

  • Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices

  • Experience deploying, managing, operating, and monitoring of applications in scalable, highly available and fault tolerant environments


Our Benefits (there are more but here are some highlights):



  • Medical, Dental, and Vision healthcare plans

  • Unlimited PTO

  • Generous Parental Leave

  • 401k Match

  • Equity

  • Employee Stock Purchase Program


Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765