Senior Software Engineering Manager, Product Security Operations

Overview

Senior Software Engineering Manager, Product Security – Lead the development of scalable security solutions for HIPAA compliance at WHOOP.

Location:

Boston

Job Tags:
Operations

About

The Role

At WHOOP, we're on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level and live longer through a deeper understanding of their bodies and daily lives. Protecting our members' data and ensuring our systems scale securely and reliably is core to this mission.

As a Senior Software Engineering Manager at WHOOP, you will play a critical leadership role as part of our cross-functional Platform organization. You will build, lead, and grow multiple teams responsible for protecting the security and privacy of our members by driving secure development practices, managing product-facing security programs, and building scalable security solutions.

In addition to core product security responsibilities, you will be responsible for collaborating closely with cross-functional partners across Product, Software, Legal, and Compliance to achieve and maintain HIPAA compliance across WHOOP's products and infrastructure. We are seeking a leader with prior experience helping an organization transition into HIPAA-compliant standards, capable of aligning technical execution with regulatory and business objectives.

On the people management side, you will manage and mentor a team of engineers, provide regular performance feedback, and ensure professional development and growth. You will work to foster a culture of innovation, teamwork, psychological safety, and continuous learning. You are responsible for promoting a positive work environment where all team members feel valued, supported, and empowered to do their best work.

Responsibilities

• Build, lead, and grow multiple engineering teams executing on WHOOP's product security strategy, including member authentication, vulnerability management, cloud governance, privacy rights fulfillment, and threat modeling.

• Oversee and drive WHOOP's engineering readiness for HIPAA compliance, coordinating technical implementation, evidence collection, and ongoing governance activities across teams.

• Define and communicate long-term security strategy, architecture, and design principles for product-facing systems.

• Partner with engineering and compliance leadership to embed security and privacy by design across the software development lifecycle.

• Establish and enforce best practices, standards, and processes for secure software development, testing, and deployment.

• Drive continuous improvement initiatives that enhance team productivity, quality, and overall business impact.

• Provide mentorship, guidance, and career development for engineering managers and individual contributors.

• Foster a culture of innovation, teamwork, psychological safety, and continuous learning within the Product Security organization.

Qualifications

• Proven experience as a technical leader managing multiple teams or a growing security engineering organization.

• Experience growing high level individual contributor career growth at the staff level or higher.

• Demonstrated success leading security or compliance initiatives in a regulated environment, preferably HIPAA or other health data compliance frameworks.

• Deep understanding of product security principles, including vulnerability management, data privacy, threat modeling, and secure software development.

• Experience building or integrating developer security tooling to improve secure-by-default practices.

• Strong technical background in software development, testing, and deployment processes.

• Excellent communication, interpersonal, and leadership skills with the ability to influence across teams and levels.

Bonus Qualifications

• Experience with AWS cloud environments and data-driven decision-making.

• Hands-on experience with infrastructure and cloud security in containerized environments (e.g., Docker, Kubernetes).

• Background in incident response and post-mortem analysis for security events.

• Familiarity with automation frameworks for vulnerability scanning, compliance checks, or infrastructure security.

•…