Staff Engineer, Security

Grow Therapy is on a mission to serve as the trusted partner for therapists growing their practice, and patients accessing high-quality care. Powered by technology, we are a three-sided marketplace that empowers providers, augments insurance payors, and serves patients. Following the mass increase in depression and anxiety, the need for accessibility is more important than ever. To make our vision for mental healthcare a reality, we’re building a team of entrepreneurs and mission-driven go-getters.

Since launching in February 2021, we’ve empowered more than ten thousand therapists and hundreds of thousands of clients across the country and insurance landscape. We’ve raised more than $328

Mm in funding, including our Series D, at a $3B valuation from Sequoia Capital, Transformation Capital, TCV, Signal Fire, Menlo Ventures, Goldman Sachs Alternatives, and others.

We're looking for a Staff Security Engineer to serve as the technical backbone of our Security Engineering function at Grow Therapy. You'll be the most senior hands-on engineer on the Security team — equal parts strategist and builder — responsible for shaping and executing a multi-year Security roadmap that protects our customers, enables our engineering organization, and helps Grow scale with trust at its core.

Reporting into the Head of Security and collaborating closely with our VP of Engineering, you'll work across Product, Platform, Cloud, Compliance, Clinical, and beyond. This isn't a siloed security role: it's an opportunity to architect the secure-by-default foundation that every team at Grow builds on — and to influence how security culture is practiced, democratized, and celebrated across the company.

• Define and drive the Security Engineering North Star. Lead the development of a consolidated, multi-year Security Engineering vision — conducting gap analyses, aligning with key stakeholders, and translating strategy into an executable roadmap that teams across the organization can rally behind.
• Lead the charge on AI-native Security: Security sits within Grow’s Internal Foundations pillar, which is building company-wide infrastructure to support AI adoption. We build AI tools Security, Engineering, and the company ’ll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Build secure-by-default infrastructure. Design, build, and roll out foundational security services — including unified authentication, authorization, audit logging, and egress control — so that engineering teams can build fast without compromising on security.
• Own data security at scale. Drive systematic data tagging across Grow's production data models, aligning with our Data Classification Policy to ensure every datastore is compliant with security controls and observable by the teams who own it.
• Champion security visibility and accountability. Build company-wide security scorecards so every team has a clear, real-time view of their security posture — turning security from a periodic audit into a continuous, embedded practice.
• Enable and empower the engineering organization. Partner deeply with engineering, platform, and product teams to deliver high-leverage, secure-by-default services — reducing the burden on individual teams while raising the security floor across Grow. Drive automated Least Privilege and systematic Vulnerability Management as org-wide capabilities.

• deep, multi-domain security expertise — you've operated meaningfully across Product Security, Cloud Security, Data Security, Access Governance, and/or Detection & Response, and you know how to connect the dots between them.
• recent, hands-on engineering experience — you're comfortable writing code, contributing to security infrastructure, and doing system design reviews, not just advising from the sidelines.
• built security programs at scale — you've designed and shipped org-wide processes like Security Review, Secure Design, Security Champions, and Security Metrics Reporting at a previous company.
• clear, compelling communicator — you can present security strategy and risk to non-technical…