Manager, Security Engineering
GoodRx · United States · 2 wk ago
RemoteRemoteInformation Technology$202k–$323k/yrFull-time
Responsibilities
- Leads, hires, develops, and manages security engineers through coaching, performance management, and career development
- Develops and executes the team's security engineering roadmap, balancing risk reduction, operational effectiveness, and business objectives
- Develops and maintains security engineering services and controls that align with business objectives and industry best practices
- Recommends improvements to security policies, standards, and procedures that strengthen the organization's security posture, including encompassing and considering emerging risks such as AI adoption and use
- Works closely with leadership, teams, and cross-functional business groups to establish alignment on the security roadmap, plan, and vision
- Guides team technical decisions related to cloud security, application security, identity management, and emerging technologies
- Establishes and develops security vendor relationships to ensure effective and efficient supplier performance results
- Partners with Security, Compliance, Engineering, and IT stakeholders to support security awareness initiatives and promote secure engineering practices
- Partners with Compliance and Audit teams to support security controls, audit readiness, evidence collection, and remediation activities
- Drives adoption of DevSecOps practices, security automation, vulnerability management, secure code review processes, and secure-by-default engineering patterns
- Establishes operational metrics and reporting to measure the effectiveness of security controls, detection capabilities, and team performance
Requirements
- 8+ years of experience in cybersecurity, cloud security, application security, infrastructure security, or related domains
- Bachelor's degree in Computer Science, Information Systems, or a related field or equivalent practical experience
- Experience with one or more modern programming or scripting languages (Python, Go, Java, Rust, Bash, or similar)
- Strong familiarity with software development lifecycle (SDLC) processes and source control technologies
- Understanding of DevSecOps, application security principles, secure software development practices, and modern software delivery environments
- Experience with risk assessment & analysis, emergency preparedness, and investigations/incident management
- Excellent communication and team relationship skills
- Experience with SIEM, security monitoring, threat detection, incident response, and observability platforms in cloud environments
- Experience securing cloud-native environments, containerized workloads, Kubernetes platforms, modern CI/CD pipelines, and associated controls including vulnerability management, secrets management, and workload protection
- Experience with identity and access management technologies such as Okta, SAML, OAuth, Descope, and OIDC, including authentication, authorization, and privileged access concepts
- Experience securing cloud platforms such as AWS and/or GCP, including IAM, network security, logging, monitoring, and cloud-native security services (AWS and GCP certifications are a plus)
- Experience with managing security programs and frameworks
- Experience implementing or operating security controls aligned with frameworks such as NIST CSF, SOC 2, HITRUST, ISO 27001, or CIS Controls
- CISSP and/or CISM certification is a plus
Qualifications
- Security is responsible for implementing security measures, monitoring suspicious activity, and taking immediate action against cyber threats through the incident response process and vulnerability management program.
- Security monitors GoodRx’s organizational systems for end users’ activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents.
- The team works collaboratively with other departments to improve the organization’s security posture.
Benefits
- Pay ranges are determined based on work locations and may vary based on where the successful candidate is hired.
- Additional compensation programs such as annual cash bonuses or commission, and annual equity grants for most positions as well as generous benefits.
- Great benefits offerings include medical, dental, and vision insurance, 401(k) with a company match, an ESPP, unlimited vacation, 13 paid holidays, and 72 hours of sick leave.
- Additional benefits like mental wellness and financial wellness programs, fertility benefits, generous parental leave, pet insurance, supplemental life insurance for you and your dependents, company-paid short-term and long-term disability, and more!