Product Security Engineer

San Francisco, CA, US • Posted 6 days ago • Updated 12 hours ago
Full Time
On-site
USD $180,000.00 - 258,000.00 per year
Fitment

Dice Job Match Score™

🔗 Matching skills to job...

Job Details

Skills

  • Credit Cards
  • Payment Processing
  • Management
  • Insurance
  • Medical Billing
  • Data Science
  • Dash Python
  • Machine Learning (ML)
  • Videoconferencing
  • Venture Capital
  • Angel
  • Innovation
  • Health Care
  • Blogging
  • Product Engineering
  • Continuous Integration
  • Continuous Delivery
  • Threat Modeling
  • Architectural Design
  • Software Development Methodology
  • SCA
  • Workflow
  • Vulnerability Management
  • IaaS
  • Training
  • Incident Management
  • ROOT
  • Supply Chain Management
  • Open Source
  • Software Engineering
  • Security Engineering
  • Software Security
  • Programming Languages
  • Python
  • Java
  • JavaScript
  • Cloud Architecture
  • Microservices
  • Kubernetes
  • Amazon Web Services
  • Google Cloud
  • Google Cloud Platform
  • Microsoft Azure
  • OWASP
  • Collaboration
  • Apache Velocity
  • Conflict Resolution
  • Problem Solving
  • Analytical Skill
  • Terraform
  • Authentication
  • Authorization
  • OAuth
  • OIDC
  • Regulatory Compliance
  • System On A Chip
  • ISO/IEC 27001:2005
  • HIPAA
  • Market Analysis
  • Sales

Summary

What we do

We're fixing one of the most broken and costly pieces of the US healthcare system: medical billing.

Today, healthcare providers spend over $250B each year on administrative overhead just to get paid by insurance. Medical billing is expensive because it's nuanced and hard - maybe ~100x harder than credit card payment processing - and because it's traditionally done by armies of humans who track and manage complex rules and processes specific to individual insurance companies with little or no supporting software. We're rethinking medical billing from the ground up, building software backed by best-in-class data science (and, soon, a dash of machine learning) to automate much of this complexity so healthcare providers can get paid dramatically more easily and inexpensively.

We were in the Y Combinator W20 batch and have since been well funded by a world-class group of funds (8VC, First Round Capital, BoxGroup, Oak HC/FT) + angel investors. We're now helping our customers treat opioid addiction, provide holistic care for women, lose weight, increase access to mental health care, and much more. This is such important and gratifying work; we can't wait for you to join our team and help support some of the most important innovation happening in healthcare today!

Curious to learn more about our story? Check out this blog post written by our founders.

Role Overview

We are looking for a Product Security Engineer to join our team and act as a champion for security within our product engineering organization. You will be responsible for ensuring our products are designed, developed, and maintained with security as a core pillar. You will work in partnership with development squads to perform threat modeling, guide secure architecture decisions, and automate security gates in our CI/CD pipelines.

Key Responsibilities
  • Security by Design: Lead threat modeling sessions during the architectural design phase of new features to identify potential risk vectors early.
  • Secure Development Lifecycle (SDLC): Drive the adoption of "Shift Left" security practices, integrating security tooling (SAST, DAST, SCA) directly into developer workflows.
  • Vulnerability Management: Triage, prioritize, and partner with engineering teams to remediate vulnerabilities found in code, third-party libraries, and cloud infrastructure.
  • Security Tooling & Automation: Build, maintain, and tune security automation tools to reduce friction for developers while maintaining high-security standards.
  • Secure Coding Standards: Develop and deliver training, coding patterns, and security guardrails to help engineering teams build resilient, secure-by-default products.
  • Incident Response Support: Assist in identifying the root cause of security incidents related to product features and contribute to post-incident remediation and architectural improvements.
  • Supply Chain Security: Build out processes and automation to ensure the security of open-source dependencies.
Required Qualifications
  • Experience: 5+ years of experience in software engineering or security engineering, specifically focusing on product security or application security.
  • Technical Skills:
    • Proficiency in one or more programming languages (e.g., Python, Go, Java, or JavaScript).
    • Deep understanding of modern web/cloud architecture (e.g., APIs, Microservices, Kubernetes, AWS/Google Cloud Platform/Azure).
    • Familiarity with the OWASP Top 10 and common exploitation techniques.
  • Collaboration: Proven ability to influence and collaborate with engineering teams without hindering development velocity.
  • Problem Solving: Strong analytical skills to evaluate complex systems and design innovative, practical security solutions.
Preferred Skills (Nice to Have)
  • Experience with Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation).
  • Experience in designing cryptographic implementations or secure authentication/authorization flows (e.g., OAuth, OIDC, JWT).
  • Knowledge of compliance frameworks relevant to our industry (e.g., SOC2, ISO27001, HIPAA).

Pay Transparency

The estimated starting annual salary range for this position is $180,000 - 258,000 USD. The listed range is a guideline from Pave data, and the actual base salary may be modified based on factors including job-related skills, experience/qualifications, interview performance, market data, etc. Total compensation for this position may also include equity, sales incentives (for sales roles), and employee benefits. Given Candid Health's funding and size, we heavily value the potential upside from equity in our compensation package. Further note that Candid Health has minimal hierarchy and titles, but has broad ranges of experience represented within roles.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 80184460
  • Position Id: 46b425be786464de82b8a65c96e53c09
  • Posted 6 days ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Remote or San Francisco, California

Today

Full-time

USD 187,000.00 - 260,000.00 per year

San Francisco, California

Today

Full-time

USD 165,000.00 - 230,000.00 per year

San Francisco, California

Today

Full-time

USD 170,000.00 - 190,000.00 per year

San Francisco, California

Today

Full-time

USD 264,000.00 - 300,000.00 per year

Search all similar jobs