Senior Security Engineer (Cloud & Infrastructure Security) - Thirty Madison : Job Details

Remote, US

As a Senior Security Engineer, you will be working alongside an existing team of experienced security engineers and partnering closely with technologists across the company to help build digital health security and protect our patients here at Thirty Madison! We serve our patients from start to finish, and security works the same way, all the way from the deepest infrastructure to the patient experience, we want our patients to be safer by being with Thirty Madison. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions.

• The base pay range for this position is $159,200 - $218,900 per year
• Robust and affordable Medical, Dental, and Vision plan options
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy

Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual incentive plan and stock options may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.

• Design and build the security for the future of our infrastructure
• Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture management and help deliver secure products and services for our patients and doctors
• Take care of real world problems and challenges related to infrastructure security and implement sustainable solutions
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks
• Research threats and attack vectors that impact Thirty Madison's applications and infrastructure
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes
• Define and maintain key KPIs for a healthy infra/cloudSec program
• Detect and respond to security incidents and participate in an incident on-call rotation for critical and non-critical alerts

• Experience with SIEM, EDR, and CSPM tools (Wiz, SentinelOne, Island)
• Experience in cloud security, especially for AWS, anything to do with IAM, secure configuration of services, AWS native security services like AWS Cloudtrail, SCP's, AWS Org, Config etc
• Kubernetes Security Expertise: Deep understanding of Kubernetes security, including secure deployments, network policies, S2S authentication & authorization, RBAC, workload identity, admissions controllers, and runtime security
• Expertise responding to complex incidents across endpoint, network, and cloud as well as experience being an Incident Commander/Responder
• Capable of understanding an unfamiliar system enough to successfully respond to an incident involving the system
• Experience with Infrastructure as Code. We use Terraform
• Ability to understand the whole solution, not just the technology
• Focus on the end to end lifecycle of solving a problem and solutioning for it and not just implementing a security technology
• Have a well-rounded view for problem solving and a deep care for the patient and your fellow employees' experience as you surpass security challenges
• Hunger to drive decision making, collaboration and to have deeper opinions on security design

All Company policies and procedures are subject to change without notice based on business needs.

Thirty Madison is a family of specialized healthcare brands devoted to creating exceptional outcomes for all. Each of its specialized brands is focused on a specific ongoing condition, and thoughtfully designed to support the unique needs of its community with personalized treatments and care; with Keeps for men's hair loss, Cove for migraine, Facet for skin conditions, and NURX for sexual health. With empathy at the heart of its innovation, its proprietary care model empowers hundreds of thousands of people with ongoing conditions with the accessible, effective treatments across a lifetime of care. In just four years, we've built a number of brands and are continuing to grow rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors.

We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.