Staff Software Engineer - Product Security

Responsibilities

• Security Platform Engineering
• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
• Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)
• Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
• Establish Zero Trust principles and enforce least-privilege access company-wide
• Develop compliance observability dashboards and automated evidence collection
• Security Automation & Tooling
• Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
• Automate onboarding/offboarding, access reviews, and approvals
• Integrate software-supply-chain security (SBOM, dependency scanning)
• Develop or adopt AI-assisted security tooling to proactively identify risks
• Automate policy enforcement, SAST/DAST scans, and compliance verification
• Application & Data Security
• Lead threat modeling and security architecture reviews for new products and services
• Partner with product and data teams to embed secure-by-default design patterns
• Ensure encryption, access tracking, and secure data handling across PHI workflows
• Contribute to incident response, post-mortems, and continual improvement of security posture
• Leadership & Collaboration
• Act as Maven's technical authority for security engineering
• Mentor peers and promote secure coding and architecture practices
• Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
• Champion an engineering culture of transparency, accountability, and continuous improvement

Requirements

• Required
• 8+ years of software engineering experience, including 3+ in security infrastructure or application security
• Proven ability to design and implement large-scale, distributed, cloud-native systems
• Strong coding proficiency in Python, TypeScript, Go and/or Rust
• Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
• Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
• Familiarity with security testing frameworks and secure SDLC principles
• Excellent communication and documentation skills
• Preferred
• Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention
• Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
• Background in data security telemetry and threat detection
• Familiarity with AI/ML security and AI-assisted analysis tools
• Exposure to supply-chain security and CI/CD pipeline hardening
• Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus
• What Makes You a Great Fit
• You take a pragmatic, automation-first approach to solving security problems
• You balance rigor with velocity, enabling teams to move quickly without compromising trust
• You communicate clearly with both technical and non-technical stakeholders
• You're curious, adaptable, and eager to lead initiatives from concept to production
• You care deeply about our mission-building safer, smarter healthcare for women and families
• The base salary range for this role is $221,000 - $260,000 per year. You will also be entitled to receive equity and benefits. Individual pay decisions are

Benefits

Additional Information

Maven is the world's largest virtual clinic for women and families on a mission to make healthcare work for all of us. Maven's award-winning digital programs provide clinical, emotional, and financial support all in one platform, spanning fertility & family building, maternity & newborn care, parenting & pediatrics, and menopause & midlife. More than 2,000 employers and health plans trust Maven's end-to-end platform to improve clinical outcomes, reduce healthcare costs, and provide equity in benefits programs. Recognized for innovation and industry leadership, Maven has been named to the Time 100 Most Influential Companies, CNBC Disruptor 50, Fast Company Most Innovative Companies, and FORTUNE Best Places to Work. Founded in 2014 by CEO Kate Ryder, Maven has raised more than $425 million in funding from top healthcare and technology investors including General Catalyst, Sequoia, Dragoneer Investment Group, Oak HC/FT, StepStone Group, Icon Ventures, and Lux Capital. To learn more about Maven, visit us at mavenclinic.com. An award-winning culture working towards an important mission - Maven Clinic is a recipient of over 30 workplace and innovation awards, including: Fortune Change the World (2024) CNBC Disruptor 50 List (2022, 2023, 2024) Fortune Best Workplaces for Millennials (2024) Fortune Best Workplaces in Health Care (2024) TIME 100 Most Influential Companies (2023) Fast Company Most Innovative Companies (2020, 2023) Built In Best Places to Work (2023) Fortune Best Workplaces NY (2020, 2021, 2022, 2023, 2024) Great Place to Work certified (2020, 2021, 2022, 2023, 2024) Fast Company Best Workplaces for Innovators (2022) Built In LGBTQIA+ Advocacy Award (2022)

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at mavenclinic? Share your experience