Director, Security Engineering
Thirty Madison is building the premier healthcare company for people with chronic health issues. Through our novel approach to care delivery, powered by our proprietary platform and brands built around specific chronic conditions, we combine the best of specialist-level healthcare with the convenience of telemedicine.
In just three years, we've built four brands on top of our platform: Keeps (for men's hair loss), Cove (for migraine), Evens (for acid reflux), and our newest brand, Picnic (for allergies). We're growing rapidly, recently raised a $47m Series B, and are backed by some of the best healthcare and consumer investors, including Polaris Partners, Johnson & Johnson, Maveron, Northzone, First Round, and Greycroft, among others.
This year, we are honored to be included on Built In's 2021 list of Best Places To Work in New York City and Best Midsize Companies To Work For. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day.
The Role
There’s not a better time to join Thirty Madison. Fresh off of our $47m Series B fundraise, we are looking for a world-class and seasoned engineering leader to serve as our Director of Security Engineering. As we continue to improve the healthcare experience and outcomes for millions of patients as well as launch new therapeutic areas in more complex conditions, you will develop our security engineering team to ensure that the maximum number of people have safe and secure access to high-quality, affordable care from Thirty Madison.
In this role, you will build the security engineering team and the software security program at Thirty Madison. You will partner with our Head of Engineering to provide strategic technical guidance and further develop a security-minded culture. You will ensure security is baked into all of our processes including infrastructure deployments, software development practices, as well as company IT and compliance practices. You will lead by example, applying your significant technology and team building skills to help our company mitigate security risks while continuing to push boundaries and execute at an extremely high level.
The ideal candidate has both tactical and management experience in security engineering. Additionally, they are excited to operate as a player-coach while building a best-in-class security team that is poised to support our organization at scale. We look for teammates who are humble, curious, kind, proactive, resourceful, and will challenge us at every turn. This is an incredible opportunity for someone who wants to drive change in healthcare and improve how millions of people manage chronic health issues.
This role reports to the Head of Engineering.
You’re the right person for this role if you are:
- Passionate about evangelizing best practices around application and infrastructure security
- An experienced manager with the ability to mentor and develop individual contributors on the security engineering team
- A proven leader who can serve as a security resource across functions including Product, Marketing, Design, Customer Experience, and Leadership
- A clear communicator who can provide non-technical explanations for highly technical projects
- A data-driven thinker who resists inertia by constantly looking to optimize and improve existing processes
- A creative and versatile problem solver. You thrive in fast-paced, constantly changing environments by creating structure and process where there is none. You also know how to make tradeoffs between risk and speed.
Some things you will work on:
- Hire and retain talent to build the security engineering team.
- Develop our security strategy and own the implementation roadmap.
- Work with our engineering teams to foster a culture of secure coding and testing practices.
- Partner with Thirty Madison’s privacy team to build our compliance program including ISO 27001, SOC2, and HIPAA practices by implementing appropriate controls throughout the organization.
- Lead security and risk assessment programs including
- Penetration testing
- Vulnerability scanning and mitigation
- Authentication, access, and authorization controls
- Build monitoring and alerting infrastructure for intrusion detection and prevention.
- Build our security policies and documentation to set clear expectations of the role all employees play in securing our assets.
You should have:
- Proven track record of success in designing and building security roadmaps and solutions.
- 8+ years of combined engineering experience in application development and security engineering.
- 3+ years of people management experience
- Knowledge and experience with internet security best practices, especially as defined by OWASP.
- Technical experience with integrating different security technologies
- Knowledge of challenges in deploying cloud services securely
- Experience working on compliance initiatives, especially as it relates to IT security, data management, and third party integrations.
- Experience integrating security practices into the software development life cycle via policies, CI/CD, and security reviews.
- Experience fostering an inclusive and innovative security engineering environment
- Experience leading and mentoring security teams
- Passion for the Thirty Madison mission of expanding access to healthcare!
These are unprecedented times and we understand COVID-19 is impacting everyone differently. Our primary goal from the beginning of the pandemic has been to ensure employee safety. We went from optional to mandatory work-from-home very quickly in early March, and we have told employees that they can work remotely through July 2021 to allow them to plan accordingly.
We have also rolled out several initiatives to help our team successfully navigate the uncertainty associated with COVID-19. These initiatives have included providing funds for home office improvements, medical reimbursements, free meditation/mindfulness tools, mandatory “Me Days” away from work, company-wide Refresh days off, and fun opportunities to connect live with teammates each week (such as virtual escape rooms). We continue to examine different benefits, tools, and processes that best support our employees as we continue to work remotely and eventually begin transitioning back to the office.
Benefits for full-time Thirty Madison employees:
- Competitive salary, equity, and career development opportunities
- 100% coverage on many health, dental, and vision insurance plans
- 401k with a match, commuter benefits, and FSA
- Budget for the technology tools you need — whether it’s a laptop, monitor, or special software
- Annual $750 vacation stipend and $750 wellness allowance
We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Please contact us to request accommodation.