Staff Security Engineer
The Role
Maintaining the security and privacy of our users is paramount to Modern Health’s mission. As a Staff Security Engineer, you will operate as a key technical leader, responsible for setting the long-term security vision and strategic direction for our product and cloud environments. You will tackle the most complex, ambiguous security challenges, acting as a force multiplier across the entire engineering organization to ensure our commitment to privacy, security, and compliance remains world-class.
This is a unique opportunity to leverage deep engineering expertise and security domain knowledge to make a direct and massive impact in people's lives. We need a security leader who can mitigate systemic risk by increasing automation, defining secure architectural patterns, and embedding security principles across all product teams.
This role will be part of the Product Security (ProdSec) team, report to the Head of Security, and can be based anywhere in the United States. This is a unique opportunity to be a security leader at a fast growing company, and the work done by this position will lay the foundation for security at Modern Health for years to come!
This position is not eligible to be performed in Hawaii.
What You’ll Do
Define and drive the strategic roadmap for proactive security vulnerability analysis in web and mobile applications, setting the organizational standard for risk determination and leading complex, company-wide remediations.
Establish the technical vision and program for integrating robust security controls at every stage of the Software Development Life Cycle (SDLC), championing secure development practices and scalable agile delivery.
Architect, deploy, and manage defensive security tooling (e.g., SAST, DAST, SCA) and evaluate new industry-leading application security solutions to create a robust, automated security platform.
Lead the maturation of the Product and Application Security Program by developing and implementing security policies, standards, and metrics to continually raise the security bar and demonstrate compliance.
Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services, ensuring proactive risk identification and structural security improvement.
Act as a force multiplier across the organization, actively mentoring engineers and driving the adoption of secure coding standards, best practices, and security-focused architecture.
Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations, focusing on automation and continuous compliance.
Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations.
Develop and advocate for cost-effective, scalable, and complex solutions to address application and product security challenges across the business.
Who You Are
You are a passionate technical leader with a deep sense of ownership who drives large-scale, cross-functional projects to completion.
You are an expert in secure software development practices, security-focused architecture, and infrastructure that aligns with product objectives and business needs.
You drive the adoption of application and product security best practices across engineering teams and influence business-wide security initiatives.
You have extensive hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard tools for application and product security.
You have hands-on experience with at least one scripting language (Python and/or Bash preferred).
You thrive in fast-paced, collaborative environments, working closely with developers, product managers, and cross-functional stakeholders to secure web and mobile applications.
You are able to assess, prioritize, and execute on ambiguous and complex projects independently.
You bring 8+ years of progressive experience in product/application security or a related security-focused engineering field.
You have demonstrated experience guiding teams and integrating security into agile product delivery.
You have excellent written and verbal communication skills, capable of articulating technical risk to both engineering and executive audiences.
Bonus Points
Working at a high growth startup
Working on SaaS software
Working in Health Tech
Software engineering experience
Our Stack
AWS: ECS and cloud hosting
Gitlab: CI/CD
Python: Django, Flask, aiohttp
Data: PostgreSQL, Redis
Monitoring: Datadog and Sentry
IaC: Terraform, Packer
Benefits
Fundamentals:
Medical / Dental / Vision / Disability / Life Insurance
High Deductible Health Plan with Health Savings Account (HSA) option
Flexible Spending Account (FSA)
Access to coaches and therapists through Modern Health's platform
Generous Time Off
Company-wide Collective Pause Days
Family Support:
Parental Leave Policy
Family Forming Benefit through Carrot
Family Assistance Benefit through UrbanSitter
Professional Development:
Professional Development Stipend
Financial Wellness:
401k
Financial Planning Benefit through Origin
But wait there’s more…!
Annual Wellness Stipend to use on items that promote your overall well being
New Hire Stipend to help cover work-from-home setup costs
ModSquad Community: Virtual events like active ERGs, holiday themed activities, team-building events and more
Monthly Cell Phone Reimbursement
Equal Pay for Equal Work Act Information
Please refer to the ranges below to find the starting annual pay range for individuals applying to work remotely from the following locations for this role.
Zone 1: San Francisco Bay Area and New York City Metro
Zone 2: All other California locations and Seattle, WA
Zone 3: All other New York locations, All other Washington locations, Washington DC, Austin, TX, CT, IL, MA, NH, NJ, OR, RI, VT
Zone 4: All other Texas locations, AL, AK, AZ, AR, CO, DE, FL, GA, HI, ID, IN, IA, KS, KY, LA, ME, MD, MI, MN, MS, MO, MT, NE, NV, NM, NC, ND, OH, OK, PA, SC, SD, TN, UT, VA, WV, WI, WY
Compensation for the role will depend on a number of factors, including a candidate's qualifications, skills, competencies, and experience and may fall outside of the range shown. Ranges are not necessarily indicative of the associated starting pay range in other locations. Full-time employees are also eligible for Modern Health's equity program and incredible benefits package. See our Careers page for more information.
Depending on the scope of the role, some ranges are indicative of On Target Earnings (OTE) and includes both base pay and commission at 100% achievement of established targets.
Zone 1
$160,700—$189,000 USD
Zone 2
$160,700—$189,000 USD
Zone 3
$144,630—$170,100 USD
Zone 4
$136,595—$160,650 USD
About the job
Apply for this position
Staff Security Engineer
The Role
Maintaining the security and privacy of our users is paramount to Modern Health’s mission. As a Staff Security Engineer, you will operate as a key technical leader, responsible for setting the long-term security vision and strategic direction for our product and cloud environments. You will tackle the most complex, ambiguous security challenges, acting as a force multiplier across the entire engineering organization to ensure our commitment to privacy, security, and compliance remains world-class.
This is a unique opportunity to leverage deep engineering expertise and security domain knowledge to make a direct and massive impact in people's lives. We need a security leader who can mitigate systemic risk by increasing automation, defining secure architectural patterns, and embedding security principles across all product teams.
This role will be part of the Product Security (ProdSec) team, report to the Head of Security, and can be based anywhere in the United States. This is a unique opportunity to be a security leader at a fast growing company, and the work done by this position will lay the foundation for security at Modern Health for years to come!
This position is not eligible to be performed in Hawaii.
What You’ll Do
Define and drive the strategic roadmap for proactive security vulnerability analysis in web and mobile applications, setting the organizational standard for risk determination and leading complex, company-wide remediations.
Establish the technical vision and program for integrating robust security controls at every stage of the Software Development Life Cycle (SDLC), championing secure development practices and scalable agile delivery.
Architect, deploy, and manage defensive security tooling (e.g., SAST, DAST, SCA) and evaluate new industry-leading application security solutions to create a robust, automated security platform.
Lead the maturation of the Product and Application Security Program by developing and implementing security policies, standards, and metrics to continually raise the security bar and demonstrate compliance.
Lead collaborative and cross-functional threat modeling initiatives for core systems, new features, and evolving services, ensuring proactive risk identification and structural security improvement.
Act as a force multiplier across the organization, actively mentoring engineers and driving the adoption of secure coding standards, best practices, and security-focused architecture.
Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations, focusing on automation and continuous compliance.
Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls to ensure secure deployment and operations.
Develop and advocate for cost-effective, scalable, and complex solutions to address application and product security challenges across the business.
Who You Are
You are a passionate technical leader with a deep sense of ownership who drives large-scale, cross-functional projects to completion.
You are an expert in secure software development practices, security-focused architecture, and infrastructure that aligns with product objectives and business needs.
You drive the adoption of application and product security best practices across engineering teams and influence business-wide security initiatives.
You have extensive hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard tools for application and product security.
You have hands-on experience with at least one scripting language (Python and/or Bash preferred).
You thrive in fast-paced, collaborative environments, working closely with developers, product managers, and cross-functional stakeholders to secure web and mobile applications.
You are able to assess, prioritize, and execute on ambiguous and complex projects independently.
You bring 8+ years of progressive experience in product/application security or a related security-focused engineering field.
You have demonstrated experience guiding teams and integrating security into agile product delivery.
You have excellent written and verbal communication skills, capable of articulating technical risk to both engineering and executive audiences.
Bonus Points
Working at a high growth startup
Working on SaaS software
Working in Health Tech
Software engineering experience
Our Stack
AWS: ECS and cloud hosting
Gitlab: CI/CD
Python: Django, Flask, aiohttp
Data: PostgreSQL, Redis
Monitoring: Datadog and Sentry
IaC: Terraform, Packer
Benefits
Fundamentals:
Medical / Dental / Vision / Disability / Life Insurance
High Deductible Health Plan with Health Savings Account (HSA) option
Flexible Spending Account (FSA)
Access to coaches and therapists through Modern Health's platform
Generous Time Off
Company-wide Collective Pause Days
Family Support:
Parental Leave Policy
Family Forming Benefit through Carrot
Family Assistance Benefit through UrbanSitter
Professional Development:
Professional Development Stipend
Financial Wellness:
401k
Financial Planning Benefit through Origin
But wait there’s more…!
Annual Wellness Stipend to use on items that promote your overall well being
New Hire Stipend to help cover work-from-home setup costs
ModSquad Community: Virtual events like active ERGs, holiday themed activities, team-building events and more
Monthly Cell Phone Reimbursement
Equal Pay for Equal Work Act Information
Please refer to the ranges below to find the starting annual pay range for individuals applying to work remotely from the following locations for this role.
Zone 1: San Francisco Bay Area and New York City Metro
Zone 2: All other California locations and Seattle, WA
Zone 3: All other New York locations, All other Washington locations, Washington DC, Austin, TX, CT, IL, MA, NH, NJ, OR, RI, VT
Zone 4: All other Texas locations, AL, AK, AZ, AR, CO, DE, FL, GA, HI, ID, IN, IA, KS, KY, LA, ME, MD, MI, MN, MS, MO, MT, NE, NV, NM, NC, ND, OH, OK, PA, SC, SD, TN, UT, VA, WV, WI, WY
Compensation for the role will depend on a number of factors, including a candidate's qualifications, skills, competencies, and experience and may fall outside of the range shown. Ranges are not necessarily indicative of the associated starting pay range in other locations. Full-time employees are also eligible for Modern Health's equity program and incredible benefits package. See our Careers page for more information.
Depending on the scope of the role, some ranges are indicative of On Target Earnings (OTE) and includes both base pay and commission at 100% achievement of established targets.
Zone 1
$160,700—$189,000 USD
Zone 2
$160,700—$189,000 USD
Zone 3
$144,630—$170,100 USD
Zone 4
$136,595—$160,650 USD