Director of Product Security
About Ro
Ro is the healthcare technology company building a patient-centric healthcare system. Ro’s vertically integrated primary care platform powers a personalized, end-to-end healthcare experience from diagnosis, to delivery of medication, to ongoing care. With a nationwide provider network, in-home care API, and proprietary pharmacy distribution centers, Ro seamlessly connects telehealth, diagnostics, and pharmacy services to provide high-quality, affordable healthcare without the need for insurance. Since 2017, Ro has facilitated more than six million digital healthcare visits in nearly every county in the United States, including 98% of primary care deserts. Visit Ro.co for more information.
Ro was named #2 in Wellness on Fast Company’s 2019 list of the World’s Most Innovative Companies, listed by Inc. Magazine as a Best Place to Work in 2020, and earned its Great Place to Work Certification in 2020.
As Ro reaches its hyper growth stage we are looking for a strong technical lead to come in and build our scaled Product Security team. This role will have purview across the breadth of Ro’s products and platforms and a strong mandate to achieve a superior security posture through secure coding and vulnerability management practices. This role reports directly to the Chief Information Security Officer and will work closely with other internal security teams.
What you'll do:
- Serve as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions; define and oversee the documentation of detailed standards (e.g., guidelines, processes, procedures)
- Work closely with Engineering leads to integrate and maintain market-leading security introspection technologies into the CI/CD pipeline for the purpose of reducing coding errors and vulnerabilities at the earliest point in the SDLC
- Build, maintain and execute a robust security education program. Provide training, brownbags, secure code examples and self-help resources to aid developers in their day to day functions
- Work closely with Product Management to gain and maintain visibility into agile planning activities. Steer the teams towards secure outcomes
What you'll bring:
- 5 - 8 years of security engineering and development experience operating a modern tech stack/security tools
- Cybersecurity certification (CISSP, OSCP, Security+, etc.) or educational background in cybersecurity
- Experience implementing and teaching a workforce secure coding practices
- Experience working with CI/CD development products, tools, repositories, and package managers (e.g. Jenkins, GitLab, GitHub, Sonarqube, Snyk, etc.)
- Experience in or familiarity with Java, Python iOS, Android, JavaScript (NodeJS)
- Experience with the development, maintenance and tuning of browser security headers (e.g. CSP, HSTS, etc.)
Benefits + Perks:
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- Commuter benefits
- 401(k)
- Flexible PTO
- Fitness reimbursement
- Paid maternity/parental leave
We welcome qualified candidates of all races, creeds, genders, and sexuality to apply.
See our California Privacy Policy here.