Senior Product Security Engineer

About the role

Pomelo Care is the leading virtual medical practice for women and children, providing care across pregnancy, postpartum, pediatrics, menopause, and perimenopause. We combine proactive, 24/7 clinical care with technology that helps us reach patients earlier, identify risks sooner, and deliver personalized care throughout their journey. Our team includes clinicians, technologists, operators, and problem-solvers working together to make high-quality care more accessible for families nationwide. This is a unique opportunity for a talented software engineer with a passion for cybersecurity to pivot into a full-time security role and help us protect mission-critical systems, applications, and valuable patient data at Pomelo !

Responsibilities

• You aren't just finding bugs; you are building the systems that prevent and fix them at scale. Your work will be centered on three core strategic pillars:
• Secure architecture and auth: you will design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency.
• Full-cycle remediation: you will own the end-to-end pentest-to-fix lifecycle . This means you don't just triage reports; you write the code to fix penetration test findings, remediate SAST issues, and build greenkeeping systems for high-volume dependency patching with regression testing.
• Beyond these pillars, you will serve as a high-leverage engineering partner to the broader InfoSec team by:
• Building secure-by-default libraries: reducing the load on core Software Engineering by creating internal libraries and patterns that make security the default path.
• Threat modeling: partnering with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process.
• Scaling through collaboration: as a security resource embedded in our engineering teams, you will help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists.

Requirements

• You're an enthusiastic and collaborative engineer who enjoys solving meaningful problems through code. You view security as a product challenge, and you believe the best way to secure a system is to make the "secure way" the "easy way." In particular, you:
• Your foundation is in Engineering: You have 5+ years of software engineering experience and are ready to pivot to a full-time security role, bringing a strong foundation in computer science and a track record of shipping production-grade code (Python, Go, Kotlin or similar).
• Are an automation enthusiast: you enjoy tackling complex problems with practical automation and are keeping up with trends in LLM agents to multiply your engineering impact.
• Navigate ambiguity: as a floating resource across various engineering teams, you are comfortable context-switching and can quickly build rapport with different engineering teams to understand their needs.
• We'll be super excited if you
• Have experience with Google Cloud Platform (GCP), Github Advanced Security (GHAS), Stytch, Sentry, Fullstory, Statsig or similar technology stack.
• Have prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements.
• Have experience building data infrastructure that supports AI/ML workloads,internal developer platforms and privacy preserving data de-identification and anonymization techniques.
• Have previously worked in a fast-paced, product-oriented startup environment.
• Why you should join our team
• By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it.
• We strive to create an environment where employees from all backgrounds are respected. We also offer:
• Competitive healthcare benefits
• Generou

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at pomelocare? Share your experience