Senior Product Security Engineer I
Oscar Health · New York, NY · 6 days ago
HybridInformation Technology$215k/yrFull-time
About the role
The Senior Product Security Engineer will lead the security of the SDLC, working at the intersection of traditional application security and modern AI-driven engineering.
Responsibilities
- Vulnerability Management: Drive the vulnerability management lifecycle, from automated identification to manual analysis and remediation tracking.
- Technical Mentorship: Act as a technical resource and mentor to junior engineers, guiding them through development challenges.
- Code Review & Development: Conduct source code reviews and write production-quality code and libraries for engineering teams.
- Risk Assessment: Build risk assessment frameworks and deliver action plans to manage risks.
- Other Duties as Assigned: Perform additional tasks as assigned by the Manager of Product Security.
Requirements
- 4+ years of technology field experience
- 4+ years of security engineering experience
- Bonus points for prior work experience in or understanding of security challenges specific to healthcare or health insurance industries
- Hands-on experience using AI models and integrating them with internal systems via protocols like MCP
- Strong background in building moderate to complex standalone systems or major new features
Qualifications
- BS in Computer Science or related field
- CISSP or equivalent security certification preferred
Skills
- Experience with SAST/DAST tools
- Knowledge of Model Context Protocol (MCP)
- Ability to build and maintain complex systems
Benefits
- Paid holidays
- Paid sick time
- Paid parental leave
- 401(k) plan participation
- Life and disability insurance
- Wellness time and reimbursements
Pay
$163,944K - $215,176 per year
Schedule
This is a hybrid role with 3 days of in-office work per week. Thursdays are required in-office days for team meetings and events, while the other two office days are flexible to suit your schedule.