Senior Security Engineer, Product & Apps

Hims & Hers Health, Inc. (better known as Hims & Hers) is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are revolutionizing telehealth for providers and their patients alike. Making personalized solutions accessible is of paramount importance to Hims & Hers and we are focused on continued innovation in this space. Hims & Hers offers nonprescription products and access to highly personalized prescription solutions for a variety of conditions related to mental health, sexual health, hair care, skincare, heart health, and more.

Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS”. To learn more about the brand and offerings, you can visit hims.com and forhers.com, or visit our investor site. For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit www.hims.com/careers-professionals.

About the Role:

As a Senior Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities. Senior Security Engineer ensures defense-in-depth, provides hands-on technical leadership for security domains, assists with defining vision and execution of strategy aligning to business needs, and is also expected to help solve a wide range of security challenges. The Senior Security Engineer is part of a highly collaborative security program and an engineering culture-driven technology organization.

You Will:

• Ownership of security scanning complex (SAST, SCA, DAST, etc.)  
• Develop and promote security architecture and design strategies, frameworks, and patterns while collaborating closely with engineering, and product organization
• Actively partner with stakeholders to understand business requirements and develop supporting security and resiliency principles to ensure the adoption of industry best practices
• Ensure information security and regulatory requirements are effectively integrated into new or improved systems
• Demonstrates expert technology competence in security domains including but not limited to application, cloud, resiliency, identity, access management, and data security
• Establish credibility among technology experts as the subject matter expert across security disciplines
• Review and influence the security of vendor applications and systems to ensure they meet our security objectives and can be implemented securely
• Analyze technical risks of existing systems and applications against correlating policies and risks, and provide appropriate remediation or risk reduction plans
• Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises
• Define, publish, and implement Security Standards / Frameworks
• Effectively communicates across departments and leadership groups and builds consensus in support of strategic objectives
• Establish a security vision and roadmap while ensuring it aligns with the cybersecurity strategy, enterprise business and technology strategy, and industry trends.
• Mentor and guide engineering teams on security best practices
• Serve as a champion for secure SDLC and secure cloud adoption
• Threat modeling, end-to-end security evaluation

You Have:

• Bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent background or experience
• 8+ years of relevant technical experience
• 5+ years of security experience
• Prior experience with Mobile and API security
• Deep understanding of the Twelve-Factor App methodology
• Prior experience working with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
• Prior experience with security scanning tools (SAST, DAST, SCA, etc.), PEN Testing, and the Bug Bounty program
• Prior experience in the healthcare industry including a strong understanding of HIPAA Privacy and Security Rules preferred
• Experience in the IAM domain including tools (Okta, Centrify, CyberArk, Ping) preferred
• Significant experience with Java/Kotlin, JavaScript, web services (REST/SOAP), and modern development and delivery techniques
• Strong knowledge of authentication and authorization industry standards such as SAML, OpenID, OAuth2
• CISSP, CCSP,  and AWS Cloud certification desirable
• Experience developing solutions in an iterative (Agile) approach and hands-on knowledge of DevSecOps practices 

Our Benefits (there are more but here are some highlights):

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• Employee discounts on hims & hers & Apostrophe online products
• 401k benefits with employer matching contribution
• Offsite team retreats

#LI-Remote

Outlined below is a reasonable estimate of H&H’s compensation range for this role for US-based candidates. If you're based outside of the US, your recruiter will be able to provide you with an estimated salary range for your location.

The actual amount will take into account a range of factors that are considered in making compensation decisions including but not limited to skill sets, experience and training, licensure and certifications, and location. H&H also offers a comprehensive Total Rewards package that may include an equity grant.

Consult with your Recruiter during any potential screening to determine a more targeted range based on location and job-related factors. We don’t ever want the pay range to act as a deterrent from you applying!

We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.

Hims & hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations@forhims.com. Please do not send resumes to this email address.

For our California-based applicants – Please see our California Employment Candidate Privacy Policy to learn more about how we collect, use, retain, and disclose Personal Information.