Product Security Engineer
USA
Our healthcare system is the leading cause of personal bankruptcy in the U.S. Every year, over 50 million Americans suffer adverse financial consequences as a result of seeking care, from lower credit scores to garnished wages. The challenge is only getting worse, as high deductible health plans are the fastest growing plan design in the U.S.
Cedar’s mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. Today, healthcare providers still engage with its consumers in a “one-size-fits-all” approach; and Cedar is excited to leverage consumer best practices to deliver a superior experience.
The Role
U.S. healthcare is frustrating and deeply flawed. Cedar’s mission is to drive better outcomes for everyone involved, including providers, insurance companies and the people they serve. At a time when consumer-friendly healthcare experiences are more critical than ever, our platform is uniquely equipped to solve problems that lead to billing issues and administrative waste.
The Product Security team at Cedar combines deep application security expertise with software development in order to help build our patient-focused solutions efficiently and safely. As a Product Security Engineer at Cedar, you will work with an inquisitive, diverse, and experienced team on a platform that is rapidly scaling. You’ll help solve problems that matter, affecting tens of millions of patients annually.
Our core tenets include using good judgment and having the autonomy to be successful. Your role will be to assess risk across the company and make decisions about the risk we should prioritize. On an average day you might participate in a security-focused design review, write code to create new security tooling, or create educational materials to improve security awareness across the company. At Cedar, we don’t require experience with particular languages, but deep familiarity with modern and industry-standard technologies in our tech stack is always a plus.
About You
- You’re an application security engineer who prioritizes addressing security challenges with technology, not process
- You have a demonstrated history of enabling software developers with actionable security guidance
- You’re comfortable communicating security risks and controls to technical and non-technical partners
- You have experience with security code review, threat modeling or security architecture reviews. You can identify vulnerability paths, explain how they could be exploited, and are familiar with options for mitigation.
- You have a working proficiency with a general-purpose programming language (ideally Python)
Bonus Points if you have
- Familiarity with HIPAA, PCI, and the unique considerations around securing health and payments data
- Experience creating developer focused security tooling or libraries
- Participation in security capture-the-flag events
Responsibilities
- Support services and tools that help product and platform engineers build, deploy, and maintain Cedar products safely and efficiently.
- Serve as a Security Partner for multiple engineering teams across the SSDLC, evangelizing security and helping threat model features, bake security into designs, and review code and implementations
- Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory
Applicants must be currently authorized to work in the United States on a full-time basis.
Compensation Range and Benefits
- Salary/Hourly Rate Range*: $157,250 - $185,000
- This role is equity eligible
- This role offers a competitive benefits and wellness package
*Subject to location, experience, and education
#LI-CR1
#LI-REMOTE
What do we offer to the ideal candidate?
- A chance to improve the U.S. healthcare system at a high-growth company! Our leading healthcare financial platform is scaling rapidly, helping millions of patients per year
- Unless stated otherwise, most roles have flexibility to work from home or in the office, depending on what works best for you
- For exempt employees: Unlimited PTO for vacation, sick and mental health days–we encourage everyone to take at least 20 days of PTO per year to ensure dedicated time to spend with loved ones, explore, rest and recharge
- 16 weeks paid parental leave with health benefits for all parents, plus flexible re-entry schedules for returning to work
- Diversity initiatives that encourage Cedarians to bring their whole selves to work, including the Cedarian Advisory Group (a cross-functional cohort focused on increasing internal inclusiveness at Cedar) and three employee resource groups: be@cedar (for BIPOC-identifying Cedarians and their allies), Pridecones (for LGBTQIA+ Cedarians and their allies) and Cedar Women+ (for female-identifying Cedarians)
- Competitive pay, equity (for qualifying roles) and health benefits that start on the first of the month following your start date (or on your start date if your start date coincides with the first of the month)
- Cedar matches 100% of your 401(k) contributions, up to 3% of your annual compensation
- Access to hands-on mentorship, employee and management coaching, and a team discretionary budget for learning and development resources to help you grow both professionally and personally
About us
Cedar was co-founded by Florian Otto and Arel Lidow in 2016 after a negative medical billing experience inspired them to help improve our healthcare system. With a commitment to solving billing and patient experience issues, Cedar has become a leading healthcare technology company fueled by remarkable growth. Over the past several years, we’ve raised more than $350 million in funding from investors such as Andreessen Horowitz and Tiger Global, bringing Cedar’s valuation to $3.2 billion.
As of December 2023, Cedar is engaging with 25 million patients on an annualized basis, and is on target to process $2.6 billion in patient payments annually. Cedar’s ambition is to serve 50-60 million Americans by 2025, about half of the U.S. population that makes medical payments annually. Cedar partners with more than 55 leading healthcare providers and payers including Highmark Inc., Allegheny Health Network, Novant Health, Allina Health and Providence.
ApplyJob Profile
Full-time basis Must be authorized to work in the USA
Benefits/Perks16 weeks paid parental leave Competitive benefits Competitive benefits and wellness package Competitive benefits package Competitive pay Diversity initiatives Equity eligible Flexibility to work from home Health benefits Unlimited PTO Wellness package
Tasks- Assess risk
- Create security tooling
- Educate on security awareness
- Participate in security design reviews
Application Security Architecture Asset inventory Benefits Coaching Compensation Data Science Flexibility Healthcare Technology HIPAA PCI Product Design Python Security Architecture Security Automation Security code review Security Tooling Software Development Static Analysis Threat modeling Vulnerability Management
Education TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9