[Remote] Senior Software Engineer, Product Security
Note: The job is a remote job and is open to candidates in the USA.

Pomelo Care is the leading virtual medical practice for women and children, providing care across various stages of life. They are seeking a Senior Software Engineer, Product Security to build automation and tools that integrate security into the software development lifecycle, ensuring the protection of critical systems and patient data.

Responsibilities
- Design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency
- Lead the privacy engineering initiatives including DSAR integration, building automated data deletion capabilities directly into the Pomelo mobile app and our internal platform to ensure seamless compliance
- Own the end-to-end pentest-to-fix lifecycle, triaging reports, writing code to fix penetration test findings, remediating SAST issues, and building systems for high-volume dependency patching with regression testing
- Build secure-by-default libraries to reduce the load on core Software Engineering by creating internal libraries and patterns that make security the default path
- Partner with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process
- Help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists

Skills
- 5+ years of software engineering experience
- Strong foundation in computer science
- Track record of shipping production-grade code (Python, Go, Kotlin or similar)
- Understanding of the OWASP Top 10
- Understanding of identity flows and prompt injections
- Ability to build systems that eliminate a class of vulnerability
- Experience with practical automation
- Ability to navigate ambiguity and context-switch across various engineering teams
- Ability to build rapport with different engineering teams
- Experience with Google Cloud Platform (GCP)
- Experience with GitHub Advanced Security (GHAS)
- Experience with Stytch, Sentry, Fullstory, Statsig or similar technology stack
- Prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements
- Experience building data infrastructure that supports AI/ML workloads
- Experience with internal developer platforms and privacy preserving data de-identification and anonymization techniques
- Previous work experience in a fast-paced, product-oriented startup environment

Benefits
- Comprehensive Health, Dental, and Vision coverage for employees and their families
- High deductible Health Plans with Health Savings Account (HSA) options
- Flexible Spending Account (FSA)
- Equity grant participation
- 401(k) program
- Competitive vacation policy
- 16 weeks paid parental leave
- Fully remote work flexibility (within the US)

Company Overview
Pomelo Care is a health technology company that develops evidence-based healthcare solutions for women and children. It was founded in 2021, and is headquartered in New York, New York, USA, with a workforce of 201-500 employees. Its website is https://pomelocare.com.