Job Title

Overview Modern Health is a mental health benefits platform for employers. We offer employees access to one-on-one, group, and self-serve digital resources for emotional, professional, social, financial, and physical well-being"”all within a single platform. We guide people to the right care at the right time and work to empower companies to support their employees on their mental health journeys. Modern Health is backed by investors such as Kleiner Perkins, Founders Fund, John Doerr, Y Combinator, and Battery Ventures. The company has raised more than $170 million in under two years and is a fast-growing, female-founded organization. We value an inclusive culture and are committed to diversity and mental well-being in the workplace. The Role Maintaining the security and privacy of our users is paramount. As a member of the security team, you will have organization-wide visibility to support and monitor our commitment to privacy, security, and compliance. This role offers an opportunity to apply engineering and security skills to make a direct impact on people's lives. You will mitigate risk by increasing automation in security domains and work with engineers to securely release and maintain software, infrastructure, and an information security management system, while improving our security and compliance posture. This role is part of the Product Security (ProdSec) team, reports to the Head of Security, and can be based anywhere in the United States. This position is not eligible to be performed in Hawaii. If you are a passionate developer or software engineer with AWS experience and an interest in security, you are encouraged to apply. What You'll Do Analyze security vulnerabilities in web and mobile applications, determine risk levels, and drive remediations with engineering teams. Research and report on potential product threats, emerging vulnerabilities, and mitigation techniques relevant to health tech. Partner with Engineering and Product stakeholders to integrate security at every stage of the SDLC, championing secure development practices. Develop and advocate for cost-effective solutions to address complex security challenges. Implement adoption of product security standards and best practices across the organization, influencing engineering and architecture decisions. Routinely test, audit, and assess the security posture of application and cloud infrastructure configurations. Guide engineering teams in applying secure coding standards and provide actionable feedback to foster a security culture. Deploy, optimize, and manage security tooling (SAST, DAST, HashiCorp Vault, and other industry tools). Participate in threat modeling initiatives for new features and services, ensuring proactive risk identification and reduction. Conduct secure code reviews on services and applications built with modern frameworks and technologies. Assist in planning and executing targeted penetration tests on new features, identifying and reporting vulnerabilities before production release. Collaborate on IT security initiatives with infrastructure and operations teams to review security controls for device management, endpoint protection, access management, and IT hygiene. Engage with Cloud Security efforts by partnering with DevOps and Infrastructure teams to assess, improve, and monitor cloud architecture, security policies, and cloud-native controls for secure deployment and operation of applications and services. Who You Are You are a passionate and confident team member who takes pride and ownership in your work. You are deeply familiar with secure software development practices, security-focused architecture, and infrastructure aligned with product objectives and business needs. You support the adoption of application and product security best practices across engineering teams and contribute to security initiatives. You have hands-on experience with vulnerability management, secure code review, threat modeling, and industry-standard security tools. You have hands-on experience with at least one scripting language (Python and/or Bash preferred). You thrive in fast-paced, collaborative environments and work closely with developers, product managers, and cross-functional stakeholders. You can assess, prioritize, and execute projects independently and are comfortable working in a fast-paced environment. You have excellent written and verbal communication skills. You bring 2-4 years of experience in product/application security or 1-3 years in security-focused software engineering, with experience integrating security into agile product delivery. Our Stack AWS: ECS and cloud hosting GitLab: CI/CD Python: Django, Flask, aioData: PostgreSQL, Redis Monitoring: Datadog and Sentry IaC: Terraform, Packer Bonus Points If You Have Experience at a high-growth startup Experience on SaaS software Experience in Health Tech Software engineering experience Benefits Medical / Dental / Vision / Disability / Life Insurance High Deductible Health Plan with Health Savings Account (HSA) Flexible Spending Account (FSA) Access to coaches and therapists through Modern Health's platform Flexible Time Off Company-wide Collective Pause Days Equal Pay and EEOC Information Please refer to the ranges below to find the starting annual pay range for individuals applying to work remotely from the following locations for this role. Zone 1: San Francisco Bay Area and New York City Metro Zone 2: All other California locations and Seattle, WA Zone 3: All other New York locations, All other Washington locations, Washington DC, Austin, TX, CT, IL, MA, NH, NJ, OR, RI, VT Zone 4: All other Texas locations, AL, AK, AZ, AR, CO, DE, FL, GA, HI, ID, IN, IA, KS, KY, LA, ME, MD, MI, MN, MS, MO, MT, NE, NV, NM, NC, ND, OH, OK, PA, SC, SD, TN, UT, VA, WV, WI, WY Compensation for the role will depend on a number of factors, including qualifications, skills, competencies, and experience and may fall outside of the ranges shown. Ranges are not necessarily indicative of the starting pay in other locations. Full-time employees are eligible for Modern Health's equity program and benefits. See our Careers page for more information. Depending on scope, some ranges may reflect On Target Earnings (OTE) with base pay and commission at 100% achievement. Zone 1: $119,300"”$140,400 USD Zone 2: $119,300"”$140,400 USD Zone 3: $107,370"”$126,360 USD Zone 4: $101,405"”$119,340 USD Note: The original contains an EEOC identity information section that is text-heavy and not suitable for all audiences. For compliance, the information should be provided separately and in accordance with applicable law. This refinement excludes the sensitive identity questions from the job description content here. #J-18808-Ljbffr