Staff Software Engineer - Product Security
About the role
Maven Clinic is a virtual healthcare platform dedicated to improving clinical outcomes, reducing healthcare costs, and providing equitable benefits programs. The company has received numerous awards for innovation and industry leadership.
Responsibilities
Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)
Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
Establish Zero Trust principles and enforce least-privilege access company-wide
Develop compliance observability dashboards and automated evidence collection
Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
Automate onboarding/offboarding, access reviews, and approvals
Integrate software-supply-chain security (SBOM, dependency scanning)
Develop or adopt AI-assisted security tooling to proactively identify risks
Automate policy enforcement, SAST/DAST scans, and compliance verification
Lead threat modeling and security architecture reviews for new products and services
Partner with product and data teams to embed secure-by-default design patterns
Ensure encryption, access tracking, and secure data handling across PHI workflows
Contribute to incident response, post-mortems, and continual improvement of security posture
Act as Maven’s technical authority for security engineering
Mentor peers and promote secure coding and architecture practices
Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
Champion an engineering culture of transparency, accountability, and continuous improvement
Requirements
8+ years of software engineering experience, including 3+ in security infrastructure or application security
Proven ability to design and implement large-scale, distributed, cloud-native systems
Strong coding proficiency in Python, TypeScript, Go and/or Rust
Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
Familiarity with security testing frameworks and secure SDLC principles
Qualifications
Excellent communication and documentation skills
Pragmatic, automation-first approach to solving security problems
Balanced rigor with velocity, enabling teams to move quickly without compromising trust
Career focus on building safer, smarter healthcare for women and families
Skills
Zero Trust architectures
Authentication/Authorization frameworks
Data-loss prevention
Expertise in security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
Familiarity with AI/ML security and AI-assisted analysis tools
Supply-chain security and CI/CD pipeline hardening
Benefits
Maven for Mavens: access to the full platform and specialists, including care for mental health, reproductive health, family planning and pediatrics.
Whole-self care through wellness partnerships
Hybrid work, in-office meals, and work together days
16 weeks 100% paid parental leave and new parent stipend (for Mavens who've been with us for 1 year+)
Annual professional development stipend and access to a personal career coach through Maven for Mavens
401K matching for US-based employees, with immediate vesting
Pay
The base salary range for this role is $221,000 - $260,000 per year.
Schedule
Maven operates a flexible hybrid work model. Teams primarily operate from the New York Metropolitan area, NY, and remotely via San Francisco/Bay Area, CA, Seattle, WA. For those in the New York City office, team members are required to work onsite three days a week (Tuesday, Wednesday, Thursday). For those based in Boston, DC, Chicago, Seattle, and San Francisco, team members are encouraged to attend monthly Work Together Days within these cities.