Jobs · Information Technology · New York

Staff Software Engineer - Product Security

Maven Clinic · New York, NY · 3 wk ago
HybridInformation Technology$221k–$260k/yrFull-time

About the role

Maven Clinic is a virtual healthcare platform dedicated to improving clinical outcomes, reducing healthcare costs, and providing equitable benefits programs. The company has received numerous awards for innovation and industry leadership.

Responsibilities

  • Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance

  • Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)

  • Implement observability and anomaly detection across microservices, data stores, and SaaS platforms

  • Establish Zero Trust principles and enforce least-privilege access company-wide

  • Develop compliance observability dashboards and automated evidence collection

  • Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)

  • Automate onboarding/offboarding, access reviews, and approvals

  • Integrate software-supply-chain security (SBOM, dependency scanning)

  • Develop or adopt AI-assisted security tooling to proactively identify risks

  • Automate policy enforcement, SAST/DAST scans, and compliance verification

  • Lead threat modeling and security architecture reviews for new products and services

  • Partner with product and data teams to embed secure-by-default design patterns

  • Ensure encryption, access tracking, and secure data handling across PHI workflows

  • Contribute to incident response, post-mortems, and continual improvement of security posture

  • Act as Maven’s technical authority for security engineering

  • Mentor peers and promote secure coding and architecture practices

  • Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy

  • Champion an engineering culture of transparency, accountability, and continuous improvement

Requirements

  • 8+ years of software engineering experience, including 3+ in security infrastructure or application security

  • Proven ability to design and implement large-scale, distributed, cloud-native systems

  • Strong coding proficiency in Python, TypeScript, Go and/or Rust

  • Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)

  • Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)

  • Familiarity with security testing frameworks and secure SDLC principles

Qualifications

  • Excellent communication and documentation skills

  • Pragmatic, automation-first approach to solving security problems

  • Balanced rigor with velocity, enabling teams to move quickly without compromising trust

  • Career focus on building safer, smarter healthcare for women and families

Skills

  • Zero Trust architectures

  • Authentication/Authorization frameworks

  • Data-loss prevention

  • Expertise in security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)

  • Familiarity with AI/ML security and AI-assisted analysis tools

  • Supply-chain security and CI/CD pipeline hardening

Benefits

  • Maven for Mavens: access to the full platform and specialists, including care for mental health, reproductive health, family planning and pediatrics.

  • Whole-self care through wellness partnerships

  • Hybrid work, in-office meals, and work together days

  • 16 weeks 100% paid parental leave and new parent stipend (for Mavens who've been with us for 1 year+)

  • Annual professional development stipend and access to a personal career coach through Maven for Mavens

  • 401K matching for US-based employees, with immediate vesting

Pay

The base salary range for this role is $221,000 - $260,000 per year.

Schedule

Maven operates a flexible hybrid work model. Teams primarily operate from the New York Metropolitan area, NY, and remotely via San Francisco/Bay Area, CA, Seattle, WA. For those in the New York City office, team members are required to work onsite three days a week (Tuesday, Wednesday, Thursday). For those based in Boston, DC, Chicago, Seattle, and San Francisco, team members are encouraged to attend monthly Work Together Days within these cities.

Similar jobs