[Remote] Staff Software Engineer - Product Security
Note: This is a remote job open to candidates in the USA.

Maven Clinic is the world's largest virtual clinic for women and families, focused on making healthcare accessible and effective. The Staff Software Engineer - Product Security will design and implement security infrastructure, ensuring compliance and leading initiatives to enhance security across the organization.

Responsibilities
Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0 / OPA)
Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
Establish Zero Trust principles and enforce least-privilege access company-wide
Develop compliance observability dashboards and automated evidence collection
Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
Automate onboarding/offboarding, access reviews, and approvals
Integrate software-supply-chain security (SBOM, dependency scanning)
Develop or adopt AI-assisted security tooling to proactively identify risks
Automate policy enforcement, SAST/DAST scans, and compliance verification
Lead threat modeling and security architecture reviews for new products and services
Partner with product and data teams to embed secure-by-default design patterns
Ensure encryption, access tracking, and secure data handling across PHI workflows
Contribute to incident response, post-mortems, and continual improvement of security posture
Act as Maven’s technical authority for security engineering
Mentor peers and promote secure coding and architecture practices
Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
Champion an engineering culture of transparency, accountability, and continuous improvement

Skills
8+ years of software engineering experience, including 3+ in security infrastructure or application security
Proven ability to design and implement large-scale, distributed, cloud-native systems
Strong coding proficiency in Python, TypeScript, Go and/or Rust
Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
Familiarity with security testing frameworks and secure SDLC principles
Excellent communication and documentation skills
Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention
Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
Background in data security telemetry and threat detection
Familiarity with AI/ML security and AI-assisted analysis tools
Exposure to supply-chain security and CI/CD pipeline hardening
Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus

Benefits
Equity and benefits
Maven for Mavens: access to the full platform and specialists, including care for mental health, reproductive health, family planning and pediatrics.
Whole-self care through wellness partnerships
Hybrid work, in-office meals, and work-together days
16 weeks 100% paid parental leave and new parent stipend (for Mavens who've been with us for 1 year+)
Annual professional development stipend and access to a personal career coach through Maven for Mavens
401K matching for US-based employees, with immediate vesting

Company Overview
Maven is a digital health platform that works with health plans and employers to offer virtual services for women’s and family health. It was founded in 2014, and is headquartered in New York, New York, USA, with a workforce of 201-500 employees. Its website is http://www.mavenclinic.com.

Company H1B Sponsorship
Maven Clinic has a track record of offering H1B sponsorships, with 5 in 2025, 5 in 2024, 8 in 2023, and 2 in 2022. Please note that this does not guarantee sponsorship for this specific role.