Product Security Engineer
The Role
Cedar has built a platform that combines data science and machine learning to connect patients with healthcare providers in a way that helps solve the critical challenges of patient billing and payment. Our technology improves the overall experience of patient billing and engagement, helping patients understand the cost of their care while ensuring providers can thrive in a rapidly changing environment. Patients put their trust in Cedar's platform, making security and availability an integral part of what we do.
As a Product Security Engineer, you will help build the application security program, affecting the whole product lifecycle: from input to architecture through the release process as well as ongoing assessment, triage and remediation of application vulnerabilities. At a fast-growing startup, security cannot be reactive, and so you will be hands-on with our codebase: helping build tools, services and guidance that form the "golden road", so releasing secure software is the easy and obvious path for the rest of our maker community.
Responsibilities
- Embed security practices into new and existing CI/CD pipelines
- Perform security assessments of new products and technologies
- Evangelize security through participation in design discussions and code reviews
- Build security solutions not just to mitigate the OWASP Top 10, but to raise the bar on data protection and monitoring
- Drive technical projects end-to-end, including the integration of secure development standards, tools and processes
- Perform threat modeling, research and share threat intelligence specific to Cedar's business
- Prioritize remediations and projects based on knowledge of threat, risk and importance to the business
Required Skills & Experience
- 5+ years in technical security roles
- Proficient in a few general-purpose programming languages (ideally Python & JavaScript)
- Experience with penetration tests & application assessments, ideally on both sides of the table
- Experience performing code audits on internal and open source libraries
- Experience with DAST, SAST as well as manual testing techniques
- Familiarity with AWS operations; this isn't an infrastructure role, but you should be able to advocate for controls at different parts of the stack
Preferred Qualifications
- A record of participation in the open-source and security communities
- Experience building secure APIs and secure data science pipelines
- Hands-on experience with container and AWS security, and implementing automations with and for these platforms
- Familiarity with HIPAA, PCI and the unique considerations around health and payments data
- Experience with vulnerability and threat management activities generally, including bug bounty and external assessment programs
- Strong communication skills: the ability to describe the security of our platform to existing and potential clients would be a big win
What do we offer to the ideal candidate?
- An opportunity to work on a platform that is scaling very rapidly with 200,000 engaged patients a day as of May 2020
- A chance to join a high-growth company at an early stage
- The ability to impact the growth of our company; we value all comments and suggestions
- Transparency across teams and interaction with multiple departments
- Competitive pay, employer-paid healthcare, stock options
- Daily team lunch and unlimited healthy snacks at our NYC office
Applicants must be currently authorized to work in the United States on a full-time basis. Cedar will not hire any applicants for Product Security Engineer who are present in the United States on an F-1 visa.