Driven by our mission to make it easier to understand, navigate, and pay for healthcare, Collective Health is evolving the way health benefits work. If you are passionate about our mission and you are an experienced hands-on product and application security professional who is excited about developing and leading a broad range of functions at a mission-driven, highly-regulated technology company, this role is for you.

You’ll lead initiatives that address the company’s—and some of our industry’s—most sophisticated and meaningful security and architectural challenges. You will build relationships across all parts of the business and drive multi-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment. We take the security and privacy of our users’ healthcare information very seriously as our brand promise begins with a strong level of trust.

This role will focus on security architecture, design and engineering subject areas while being able to layout product security maturity, identify program and tool gaps and recommend solutions. Building positive relationships with Engineering, Product, Privacy, Compliance and customer facing teams is a core tenant of the role and the team. You will help in building an enterprise testing and assessment framework by introducing and integrating security tools, processes & responsibilities with the developer ecosystem. 

We are looking for a strong Technical and People leader who wants to build this platform and ensure security and privacy across all of our customer and member experiences.

What you'll be doing:

• Solve for different vulnerability types and security issues with reusable services and libraries
• Build and extend scalable, legally compliant systems and services that will securely transmit and store sensitive data including ePHI, PII & confidential information
• Architect, build and drive implementations of DAST/SAST/SCA/WAF/RASP/IAST solutions in an enterprise environment
• Create shared patterns for secure services and drive adoption  across the engineering teams
• Participate in identifying security risks through regular security reviews and driving remediation
• Lead, support, and mentor engineers in secure development practices and be a security subject matter expert and resource within the broader organization
• Work with product teams to scope security needs for new and existing products, and to plan and implement security features at the platform level
• Perform threat modeling and attack simulation exercises both in the context of internal assessments and while assisting 3rd party penetration testing/gray box testing
• Collaborate with product and engineering to appropriately address security risks while enabling product advancement
• Support security features in our production environment
• Define security protocols policies, and procedures with clear owners, and timely responsiveness
• Translate business requirements across the company to best-in-class experiences
• Be hands-on with our engineering solutions and drive technical excellence within the team
• Help recruit, hire and build high-performance teams

What you bring:

• Significant, relevant experience and passion for building security-focused platforms and customer-facing applications that perform at scale
• Strong software engineering fundamentals with front-end and back-end applications
• Experience working with multiple programming languages and switching between frameworks as necessary - Python, Java, Kotlin, Scala, and Go
• Experience successfully triaging and resolving security bugs and incidents
• Demonstrated record of implementing security programs and practices at scale 
• Demonstrated strong communication and interpersonal skills across engineering organizations
• Experience building identity, authentication, authorization and secrets management systems
• Experience with successfully leading teams in a results-based environment

Preferred: 

• Evangelized secure coding practices across organizational boundaries
• Experienced in threat modeling new and existing applications
• Knowledgeable in secure development practices and common vulnerabilities
• Strong experience with architecting and/or operating application security tooling such as DAST/SAST/SCA/WAF/RASP/IAST in an enterprise environment
• Passionate about creating great developer experiences for security features and services
• Should have worked extensively with cloud providers such as AWS and Google Cloud Platform
• Healthcare and HITRUST experience preferred