Lead Security Engineer - Hinge Health
Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone. Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon.
Learn more at http://www.hingehealth.com
Here at Hinge Health, we welcome all applicants and know a diverse team makes us better and stronger. We look for individuals who embody our leadership principles and we value varied experiences and skill sets. Beyond specific work experience, we also look for unique capabilities and skill sets that are key indicators an applicant will thrive in our fast-paced, frequently evolving environment. If this sounds like the kind of place you’d like to be part of, please apply - we would love to hear from you!
Hinge Health Hybrid Model:
We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 2 days/week. We will be expanding to 3 days/week in the office beginning April of 2024.
About the Role
We’re looking for a detail oriented and technically proficient individual to join us in maturing the Application and Product Security group within the Security team. This function is growing, and you will have an opportunity to help shape the group's direction and grow with it.
Security Engineers will evaluate requests for the use of new AWS services, make recommendations whether the service should be used in our environment and if approved assess the risks, and create standards and guidelines for use of those services.
A Security Engineer will evaluate these requests for new infrastructure or changes to existing infrastructure against the Security pillar of the AWS Well-Architected Framework, HIPAA, HITRUST, CIS Benchmarks, other regulatory requirements and other security best practices and frameworks as needed.
Security Engineers (Infrastructure and DevOps) focus on where our applications interact with and rely on infrastructure components, typically AWS, and our CI/CD pipeline. You will work directly with Engineering teams including developers, Developer Experience (CI/CD), SRE and other infrastructure teams to integrate security into stages of our Secure Software Development Life Cycle. This includes, working closely with the Developer Experience team to ensure all Application Security tools and scanners are integrated into CI/CD pipelines in a standardized manner while meeting all the needs of the Application Security team.
This role will also respond to security related design and implementation questions regarding infrastructure (AWS), integrated/supporting SaaS tools, and Application Security originating from Engineering teams with a focus on quick response and resolution to enable these teams to implement secure infrastructure, CI/CD pipelines, and internally developed microservices in a timely manner.
They may also be expected to assist in proactively identifying, assessing, advising engineering teams in the prioritization and remediation of source code security vulnerabilities. Security Engineers are expected to do so using multiple methods and tools including but not limited to manual penetration testing, outputs from automated security scanning tools including Software Composition Analysis, Static Application Security Testing, Dynamic Application Security Testing, and the findings from third-party application penetration tests.
Security Engineers also work with the Security Operations and Infrastructure teams to deploy and maintain security tools within the Hinge Health environment and assist in the tuning of these tools.
Security Engineers will be part of the incident response team as subject matter experts as needed. They may also be called upon as subject matter experts to assist other teams with third party security assessment requests.
Last updated: 5 days ago
© 2021 - 2022