Software Engineer - Product Security , NY; Remote, US; Hub

What You’ll Do Security Platform Engineering

• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
• Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)
• Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
• Establish Zero Trust principles and enforce least‑privilege access company‑wide
• Develop compliance observability dashboards and automated evidence collection

• Create self‑service security tools that integrate with developer workflows (Git Lab CI/CD, Terraform)
• Automate onboarding/offboarding, access reviews, and approvals
• Integrate software‑supply‑chain security (SBOM, dependency scanning)
• Develop or adopt AI‑assisted security tooling to proactively identify risks
• Automate policy enforcement, SAST/DAST scans, and compliance verification

• Lead threat modeling and security architecture reviews for new products and services
• Partner with product and data teams to embed secure‑by‑default design patterns
• Ensure encryption, access tracking, and secure data handling across PHI workflows
• Contribute to incident response, post‑mortems, and continual improvement of security posture
• Act as Maven’s technical authority for security engineering
• Mentor peers and promote secure coding and architecture practices
• Partner cross‑functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
• Champion an engineering culture of transparency, accountability, and continuous improvement

• 8+ years of software engineering experience, including 3+ in security infrastructure or application security
• Proven ability to design and implement large‑scale, distributed, cloud‑native systems
• Strong coding proficiency in Python, Type Script, Go and/or Rust
• Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
• Experience with Kubernetes, containers, and infrastructure‑as‑code (Terraform)
• Familiarity with security testing frameworks and secure SDLC principles
• Excellent communication and documentation skills

• Expertise in Zero Trust architectures, authentication/authorization frameworks, and data‑loss prevention
• Experience with security compliance automation (SOC 2, ISO 27001, PCI‑DSS, NIST)
• Background in data security telemetry and threat detection
• Familiarity with AI/ML security and AI‑assisted analysis tools
• Exposure to supply‑chain security and CI/CD pipeline hardening
• Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus

• You take a pragmatic, automation‑first approach to solving security problems
• You balance rigor with velocity, enabling teams to move quickly without compromising trust
• You communicate clearly with both technical and non‑technical stakeholders
• You’re curious, adaptable, and eager to lead initiatives from concept to production
• You care deeply about our mission—building safer, smarter healthcare for women and families

The base salary range for this role is $221,000 - $260,000 per year. You will also be entitled to receive equity and benefits. Individual pay decisions are based on a number of factors, including qualifications for the role, experience level, and skillset.

• Maven for Mavens: access to the full platform and specialists, including care for mental health, reproductive health, family planning and pediatrics.
• Whole‑self care through wellness partnerships
• Hybrid work, in office meals, and work together days
• 16 weeks 100% paid parental leave and new parent stipend (for Mavens who've been with us for 1 year+)
• Annual professional development stipend and access to a personal career coach through Maven for Mavens
• 401K matching for US‑based employees, with immediate vesting

Maven is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Maven is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Maven Clinic interview requests and job offers only originate from an  email address (e.g

). Maven Clinic will never ask for sensitive information to be delivered over email or phone. If you receive a scam issue or a security issue involving Maven Clinic please notify us at:  . For general and additional inquiries, please contact us  .