Staff Product Security Engineer at Thirty Madison
Thirty Madison is building the premier healthcare company for people with chronic health issues. Through our novel approach to care delivery, powered by our proprietary platform and brands built around specific chronic conditions, we combine the best of specialist-level healthcare with the convenience of telemedicine.
In just three years, we’ve built four brands on top of our platform: Keeps (for men’s hair loss), Cove (for migraine), Evens (for GI conditions), and our newest brand, Picnic (for allergies). We’re growing rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, Northzone, among others.
This year, we are honored to become Great Place to Work certified and be included on Built In's 2021 list of Best Places To Work in New York City, and Best Midsize Companies To Work For. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day.
Thirty Madison is transforming the way patients care for their chronic conditions. To do that, we put our patients first, and at the core of putting our patients first is providing them world class safety, security and privacy. This is a chance to build it right from the ground up and help us leapfrog beyond our competition.
This role reports to our CISOResponsibilities / What will I be doing? / You will…
- Design solutions and processes to identify, resolve and mitigate security vulnerabilities and risks.
- Research threats and attack vectors that impact Thirty Madison’s applications and infrastructure.
- Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes.
- Mentor and share security and privacy best practices with all parts of the organization.
- An affinity and experience with an automation and development-based approach for security controls.
- Strong threat modeling abilities for security risks.
- Technical architecture and leadership experience in developing security control strategies, iterative design, and product ownership.
- Strong collaboration skills to work with a range of stakeholders from engineers, doctors, and partners around the world.
- Strong desire to take ownership of problems and act on them independently in a rapidly evolving environment
- A continual desire to inform, evangelize and educate others through strong written and verbal communications.
Nice to have’s / Bonus Points
- Exposure to modern cloud deployment technologies (we use AWS and Kubernetes)
- Fluency in at least one modern web framework with a preference on Ruby on Rails (or Python/Django, Node/Express, etc.)
- Competitive salary packages and career development opportunities
- 100% coverage on many health, dental, and vision insurance plans
- 401k with a match, commuter benefits, and FSA
- Budget for the technology tools you need — whether it’s a laptop, monitor, or special software
- Annual $750 vacation stipend and $750 wellness allowance
We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Contact us to request accommodation.
How we are managing through the COVID pandemic and its impact on our team?
These are unprecedented times and we understand COVID-19 is impacting everyone differently. Our primary goal from the beginning of the pandemic has been to ensure employee safety. We went from optional to mandatory work-from-home very quickly in early March, and we have told employees that they can work remotely to allow them to plan accordingly.
We have also rolled out several initiatives to help our team successfully navigate the uncertainty associated with COVID-19. These initiatives have included providing funds for home office improvements, medical reimbursements, free meditation/mindfulness tools, mandatory “Me Days” away from work, company-wide Refresh days off, and fun opportunities to connect live with teammates each week (such as virtual escape rooms). We continue to examine different benefits, tools, and processes that best support our employees as we continue to work remotely and eventually begin transitioning back to the office.
*Please be aware that there are fraudulent entities who are claiming to be affiliated with Thirty Madison in order to trick job seekers into divulging personal information or making payments based on false representations while impersonating Thirty Madison. These entities solicit money and personal information under the guise of offering you a position with Thirty Madison. The scammers use many methods to perpetuate these scams, including using Thirty Madison’s trademarks on their correspondence to potential victims. Thirty Madison takes the safety and integrity of those seeking employment with us very seriously and we work cooperatively with our legal team, security department and local authorities to address this issue. If you receive a job offer that claims to be from Thirty Madison, please take steps to confirm that it is legitimate by reviewing the offer carefully and contacting Thirty Madison directly if you have any concerns at all. Please note that Thirty Madison will never ask you for bank account or credit card information, and Thirty Madison will not charge you money to apply for a job with Thirty Madison.*