Lead Cyber Security Engineer

Included Health

Remote
Posted on Thursday, January 11, 2024
About the role:
At Included Health, we're at the forefront of technological innovation in healthcare. Our platform features an extensive array of advanced technologies, from robust microservices enabling uninterrupted 24/7 care, to sophisticated machine learning models that tailor the care experience for each member, celebrating diversity and inclusivity. We are not just building healthcare services; we are crafting the future of healthcare itself.
As our Lead Security Engineer, you will be integral to our mission, working hand-in-hand with our engineering teams to protect our members as we pioneer these groundbreaking technologies. Your day might involve tightening our cloud configurations to secure our infrastructure, conducting thorough security assessments of new services, or collaborating with our machine learning team to securely drive artificial intelligence projects.
We're looking for a candidate who not only possesses a broad base of security knowledge but also specializes in several areas of deep expertise. Your ability to lead, influence, and communicate clearly will be vital. You should be naturally comfortable explaining complex risks to both technical and non-technical stakeholders, bridging gaps in understanding, and guiding teams toward secure solutions with a balance of firm expertise and diplomatic skill.
Join our Cybersecurity team at Included Health to work hard, have fun, and make a lasting impact on the healthcare industry!

  • Collaborate with cross-functional teams to integrate security in their software development lifecycle, emphasizing compliance and vulnerability management.
  • Partner with engineering to develop and enhance secure services, platforms and applications.
  • Drive the adoption of security best practices, focusing on secure coding and architectural decisions.
  • Conduct comprehensive risk assessments, support penetration testing efforts, and perform thorough code and architectural reviews.
  • Apply expertise in modern security methodologies, including authentication, mobile security, cryptography, and secure design.
  • Proactively model threats for upcoming features and products, anticipating security challenges.
  • Mentor other security team members and engineers, cultivating a culture of innovation and collaborative learning.
  • Promote security awareness within the organization, advocating for secure behavior and methods.
  • Direct swift and effective incident response and forensic analysis, ensuring continuous process improvement.
  • Communicate security strategies clearly, building and maintaining strong relationships across the enterprise.

Basic Qualifications:

  • Bachelor’s degree in Computer Science, Engineering, or related field, or equivalent experience.
  • 7+ years of experience working in Security Engineering or Security Engineering plus Software Engineering.
  • Proficiency in at least one programming language and ability to understand several programming languages.
  • Deep understanding of web application architecture and design.
  • Understanding of security flaws and resolutions (OWASP10, SANS25).
  • Familiarity with DAST, SAST, IAST tools.
  • Experience participating in or leading Vulnerability Management programs.
  • Experience building and securing complex cloud architecture in AWS.
  • Deep understanding of container and orchestrator security, microservices architecture, and infrastructure-as-code.
  • Excellent written and verbal communication skills.
  • Empathetic communication for constructive feedback.
  • Ability to negotiate priorities across teams.
  • Skills in pattern recognition and complex issue investigation.
  • Organizational skills for detailed documentation.

Desirable Qualifications:

  • Deep understanding of iOS and Android application architecture and design.
  • Proficiency in Python or Go programming languages.
  • Experience building and securing complex cloud architecture in AWS, GCP and Azure.
  • Experience using Terraform for cloud infrastructure automation.
  • Experience securing containers and Kubernetes clusters.
  • Security training or certifications (SANS GWAPT, OSCP, OSWE, CKS, AWS Certified Security, etc).
  • Previous experience working in a startup environment or in Healthcare.
The United States new hire base salary target ranges for this full-time position are:
Zone A: $156,200 - $232,400 + equity + benefits
Zone B: $130,200 - $193,650 + equity + benefits
This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.
Starting base salary for the successful candidate will depend on several job-related factors, unique to each candidate, which may include, but are not limited to, education; training; skill set; years and depth of experience; certifications and licensure; business needs; internal peer equity; organizational considerations; and alignment with geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and competitive compensation based on their roles and locations. Your Recruiter can share your geographic zone alignment upon inquiry.
In addition to receiving a competitive base salary, the compensation package may include, depending on the role, the following:
  • Remote-first culture
  • 401(k) savings plan through Fidelity
  • Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
  • Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
  • Generous Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
  • 12 weeks of 100% Paid Parental leave
  • Up to $25,000 Fertility and Family Building Benefit
  • Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
  • 11 Holidays Paid with one Floating Paid Holiday
  • Work-From-Home reimbursement to support team collaboration and effective home office work
  • 24 hours of Paid Volunteer Time Off ("VTO") Per Year to Volunteer with Charitable Organizations
Your recruiter will share more about the specific salary range and benefits package for your role during the hiring process.
About Included Health
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.
-----
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.