Product Security Engineer

The Role

U.S. healthcare is frustrating and deeply flawed. Cedar’s mission is to drive better outcomes for everyone involved, including providers, insurance companies and the people they serve. At a time when consumer-friendly healthcare experiences are more critical than ever, our platform is uniquely equipped to solve problems that lead to billing issues and administrative waste.

The Product Security team at Cedar combines deep application security expertise with software development in order to help build our patient-focused solutions efficiently and safely. As a Product Security Engineer at Cedar, you will work with an inquisitive, diverse, and experienced team on a platform that is rapidly scaling. You’ll help solve problems that matter, affecting tens of millions of patients annually.

Our core tenets include using good judgment and having the autonomy to be successful. Your role will be to assess risk across the company and make decisions about the risk we should prioritize. On an average day you might participate in a security-focused design review, write code to create new security tooling, or create educational materials to improve security awareness across the company. At Cedar, we don’t require experience with particular languages, but deep familiarity with modern and industry-standard technologies in our tech stack is always a plus.

About You

• You’re an application security engineer who prioritizes addressing security challenges with technology, not process
• You have a demonstrated history of enabling software developers with actionable security guidance
• You’re comfortable communicating security risks and controls to technical and non-technical partners
• You have experience with security code review, threat modeling or security architecture reviews. You can identify vulnerability paths, explain how they could be exploited, and are familiar with options for mitigation.
• You have a working proficiency with a general-purpose programming language (ideally Python)

Bonus Points if you have

• Familiarity with HIPAA, PCI, and the unique considerations around securing health and payments data
• Experience creating developer focused security tooling or libraries
• Participation in security capture-the-flag events

Responsibilities

• Support services and tools that help product and platform engineers build, deploy, and maintain Cedar products safely and efficiently.
• Serve as a Security Partner for multiple engineering teams across the SSDLC, evangelizing security and helping threat model features, bake security into designs, and review code and implementations
• Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory

Applicants must be currently authorized to work in the United States on a full-time basis.

Compensation Range and Benefits

• Salary/Hourly Rate Range*: $157,250 - $185,000
• This role is equity eligible
• This role offers a competitive benefits and wellness package

*Subject to location, experience, and education

#LI-CR1

#LI-REMOTE