Figma

Figma was founded in 2012 to build a collaborative, professional-grade interface design tool for the digital age. Created specifically for interface design and

Security Engineer

Location

United States

Posted

90 days ago

Salary

$149K - $350K / year

Seniority

Mid Level

Job Description

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us!

As a Security Engineer you will identify and drive impactful projects to improve the security of Figma’s product, platform, and IT systems. We are hiring for multiple teams within Security Engineering: AI Security, Platform Security, Product Security, and Anti-Abuse. You will partner closely with teams across the company and focus on systemic security improvements and risk reduction. You will also participate in operational security responsibilities like security reviews, consulting, vulnerability triage, and security incident response.

Examples of what you may work on across teams:

AI Security

- Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products.
- Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines.
- Advocate for secure practices across Figma’s AI infrastructure, platforms, and data systems.
- Build the next generation of internal AI-powered access insights and security tooling.
- Help run penetration testing and offensive security exercises against Figma’s AI infrastructure, platforms, and products.

Platform Security

- Perform technical security assessments, code audits, and design reviews for changes to Figma’s cloud and corporate infrastructure.
- Design and develop solutions to prevent or mitigate cloud and corporate security risks.
- Advocate for secure practices within Figma’s cloud and corporate infrastructure.
- Build platforms and tooling to detect and respond to infrastructure and corporate security threats.

Product Security

- Perform technical security assessments, code audits, and design reviews for new product features.
- Design and develop solutions to prevent or mitigate product security vulnerabilities.
- Advocate for secure development practices across Figma’s products and services.
- Help run penetration testing, offensive security exercises, and support our bug bounty program.
- Help respond to product security incidents.

Anti-Abuse

- Design and build technical systems to prevent spam, fraud, and abuse.
- Partner closely with product teams to identify and address potential abuse vectors.
- Develop new signals and improve the use of existing signals to detect abusive behavior.
- Help respond to spam, fraud, and abuse incidents.

This is a full-time role that can be held from one of our US hubs or remotely in the United States.

We’d love to hear from you if you have:

- 5+ years of proven engineering experience working in either a Security Engineering or a Software Engineering role. In the case of the latter, some security experience is preferred.
- Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems.
- Proficiency in at least one general-purpose coding language.
- Strong communication and interpersonal skills, with demonstrated experience collaborating across functions.

While not required, it’s an added plus if you also have:

- Subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management).
- Demonstrated ability to make hard prioritization decisions in security controls.

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Pay Transparency Disclosure

If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.

Figma offers equity to employees, as well as a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future.

Annual Base Salary Range: $149,000—$350,000 USD

At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.

We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to:

- Holding interviews in an accessible location
- Enabling closed captioning on video conferencing
- Ensuring all written communication be compatible with screen readers
- Changing the mode or format of interviews

To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding.

By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.

More Security Engineer Jobs

Cloud Security Integration Engineer

Enverus

Enverus, founded in 1999, is a leading energy-focused SaaS company that provides comprehensive data and analytics solutions across the energy sector. The company emphasizes a cultu

Full Time, Remote, Team 1,800, Since 1999

Role Description

We are currently seeking a Cloud Security Integration Engineer to join our organization in the United States. The Cloud Security Integration Engineer owns security integration activities for acquired companies, third-party platforms, and internal consolidations, ensuring new environments are onboarded to centralized EDR, CSPM, SIEM, and identity tooling against organizational baselines. Between integrations, the role manages cloud security posture across AWS, Azure, and GCP, supports incident response, and partners with DevOps on secure architecture. This role directly accelerates acquisition integration timelines while reducing security gap exposure across the growing multi-cloud footprint.

Performance Objectives

Security Integration & Onboarding

- Plan and execute security integration activities for acquired companies, third-party platforms, and internal consolidations, ensuring alignment with organizational security baselines.
- Onboard new environments to centralized security tooling (EDR, CSPM/CNAPP, SIEM, vulnerability management); validate agent deployment, policy configuration, and telemetry coverage.
- Coordinate identity integration including directory synchronization, Conditional Access deployment, SSO federation, and phishing-resistant authentication enrollment (FIDO2, passkeys).
- Conduct security assessments of target environments during integration planning, identifying gaps across endpoint coverage, cloud posture, identity hygiene, and network segmentation.
- Track remediation of findings from integration-phase vulnerability scans and penetration tests; coordinate with engineering teams to validate fixes within defined SLAs.
- Produce integration status reports for security leadership covering risk posture, remediation progress, and milestones.

Security Engineering & Operations

- Maintain and improve security tooling across endpoint, cloud, identity, and application security domains; support platform upgrades, policy tuning, and coverage gap analysis.
- Manage cloud security posture across AWS (primary), Azure, and GCP environments, including misconfiguration remediation and security service configuration (GuardDuty, Security Hub, Config, Defender for Cloud).
- Collaborate with DevOps and infrastructure teams on secure architecture patterns, IaC security reviews, and CI/CD pipeline controls.
- Support incident response activities including investigation, containment, and post-incident documentation.
- Participate in security architecture reviews for new projects, vendor integrations, and infrastructure changes; provide risk-based recommendations.

Qualifications

- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field; equivalent professional experience accepted in lieu of degree.
- 3-5 years of experience in cybersecurity, security engineering, or a closely related technical security role.
- 3+ years hands-on experience with at least two of the following: EDR platforms, CSPM/CNAPP tooling, identity and access management (Entra ID or equivalent), cloud security services (AWS or Azure).
- Demonstrated experience participating in system integration, platform migration, or M&A integration activities in a security capacity.
- Working knowledge of at least one compliance framework (SOC 2, ISO 27001, NIST CSF, PCI-DSS) and its application during integration or audit activities.

Requirements

- Desired Certifications (one or more): AWS Certified Security – Specialty, AZ-500.
- Ideal Certifications: SC-300, SC-100, SAA-C03, CCSP, CISSP, CCSK, CKS.

Physical Demands

- Ability to sit for long periods, work on a computer with repetitive motions and utilize devices typically found in an office environment.
- Ability to communicate effectively with another person.
- Regular and predictable attendance is required.
- Ability to work in an office environment as required.
- Travel requirements: as required for company needs.

Benefits

- Medical
- Dental
- Vision
- Income Protection (disability, life/AD&D, critical illness, accident)
- Employee Assistance Program (EAP)
- Healthcare Spending Account (HSA), Commuter
- Lifestyle & Wellbeing Program
- Pet Insurance

United States
Job Closed

Senior Product Security Engineer

Pomelo Care

Pomelo Care is a healthcare organization that exists to help families have healthy babies. Specifically, the company provides 24/7 pregnancy and newborn care by text, phone, and vi

About us

Pomelo Care is the national leader in evidence-based healthcare for women and children. We deliver personalized, high-quality clinical interventions from reproductive care and pregnancy, infant care and pediatrics, to hormonal health through perimenopause and menopause, with long-term preventive care and condition management. Our model delivers 24/7 multispecialty care to address the medical, behavioral, and social factors that most significantly impact outcomes for women and children. We partner with payers, employers, and providers to expand access to quality healthcare across the system.

What you'll do

As our first Product Security Engineer, you will sit at the intersection of Security and Software Engineering. Reporting directly to the CISO, you will be a "Security Builder": embedded within our engineering teams with the autonomy needed to build the automation, tools, and workflows that make security a seamless part of the software development lifecycle. You aren't just finding bugs; you are building the systems that prevent and fix them at scale.

Your work will be centered on three core strategic pillars:

- Secure architecture and auth: you will design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency.
- Privacy engineering: you will lead the privacy engineering initiatives including DSAR integration, building automated data deletion capabilities directly into the Pomelo mobile app and our internal platform to ensure seamless compliance. You will also help improve privacy-preserving data de-identification and anonymization as needed.
- Full-cycle remediation: you will own the end-to-end pentest-to-fix lifecycle. This means you don't just triage reports; you write the code to fix penetration test findings, remediate SAST issues, and build greenkeeping systems for high-volume dependency patching with regression testing.

Beyond these pillars, you will serve as a high-leverage engineering partner to the broader InfoSec team by:

- Building secure-by-default libraries: reducing the load on core Software Engineering by creating internal libraries and patterns that make security the default path.
- Threat modeling: partnering with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process.
- Scaling through collaboration: as a security resource embedded in our engineering teams, you will help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists.

Who you are

You’re an enthusiastic and collaborative engineer who enjoys solving meaningful problems through code. You view security as a product challenge, and you believe the best way to secure a system is to make the "secure way" the "easy way." In particular, you:

- Are a builder first: Have 5+ years of software engineering experience with a strong foundation in computer science and a track record of shipping production-grade code (Python, Go, Kotlin or similar).
- Have a security mindset: You understand the OWASP Top 10, identity flows and prompt injections, but you’d rather build a system that eliminates a class of vulnerability than manually triage individual alerts. You believe security expertise should be embedded into the development process, not bolted on at the end.
- Are an automation enthusiast: you enjoy tackling complex problems with practical automation and are keeping up with trends in LLM agents to multiply your engineering impact.
- Navigate ambiguity: as a floating resource across various engineering teams, you are comfortable context-switching and can quickly build rapport with different engineering teams to understand their needs.

We’ll be super excited if you

- Have experience with Google Cloud Platform (GCP), GitHub Advanced Security (GHAS), Stytch, Sentry, Fullstory, Statsig or similar technology stack.
- Have prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements.
- Have experience building data infrastructure that supports AI/ML workloads, internal developer platforms and privacy preserving data de-identification and anonymization techniques.
- Have previously worked in a fast-paced, product-oriented startup environment.

Why you should join our team

By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it. We strive to create an environment where employees from all backgrounds are respected. We also offer:

- Competitive healthcare benefits
- Generous equity compensation
- Unlimited vacation
- Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.

Our salary ranges are based on paying competitively for our company’s size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Pomelo Care. In accordance with New York City, Colorado, California, and other applicable laws, Pomelo Care is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity. Given that this role is open to candidates of different skill levels, determining a salary range is challenging. A reasonable estimate of the current salary range is $175,000 to $200,000. We expect most candidates to fall in the middle of the range.

#LI-Remote

Potential Fraud Warning

Please be cautious of potential recruitment fraud. With the increase of remote work and digital hiring, phishing and job scams are on the rise with malicious actors impersonating real employees and sending fake job offers in an effort to collect personal or financial information. Pomelo Care will never ask you to pay a fee or download software as part of the interview process with our company. Pomelo Care will also never ask for your personal banking or other financial information until after you have signed an offer of employment and completed onboarding paperwork that is provided by our People Operations team. All official communication with Pomelo Care People Operations team will come from domain email addresses ending in @pomelocare.com. If you receive a message that seems suspicious, we encourage you to pause communication and contact us directly at careers@pomelocare.com to confirm its legitimacy. For your safety, we also recommend applying only through our official Careers page. If you believe you have been the victim of a scam or identity theft, please contact your local law enforcement agency or another trusted authority for guidance.

United States
$175K - $200K / year

Senior Security Engineer

Flex

Flex splits your bills into smaller, stress-free payments throughout the month. Start today with your rent bill!

Other, Remote, Team 201-500, Since 2019, H1B Sponsor

Flex is a growth-stage, NYC headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2026 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we are looking for motivated individuals to help us keep our mission growing. Will you be a part of the team?

About the Role

Flex is looking for a Senior Security Engineer to support product security across our fintech platform. You'll be part of our product security focus on a lean, high-impact security team — partnering directly with product and engineering teams across Housing, Control Center, and Platform to ensure security is built in from design through deployment. This role reports to the Head of Security.

What You'll Do

- Own product security reviews end-to-end: threat modeling, security architecture review, and design consultation for new features and services
- Lead security design reviews for Flex's payment processing, account management, and partner integration platforms
- Drive the secure development lifecycle (SDLC) across engineering teams — shifting security left through tooling, process, and education
- Perform application security assessments, code review, and penetration testing for critical product surfaces
- Respond to and investigate complex security incidents; lead post-incident analysis and remediation
- Build security automation and tooling to scale product security reviews (AI-assisted review tools, SAST/DAST pipeline integration)
- Translate complex security concepts for cross-functional stakeholders and drive security adoption across product and engineering
- Contribute to security standards, frameworks, and architectural patterns that guide organization-wide practices

What You'll Bring

Must Have:

- 5+ years of experience in application security, product security, or security engineering
- Proven experience with threat modeling frameworks (STRIDE, DREAD, attack trees) applied to real production systems
- Strong application security skills: OWASP Top 10, API security, authentication/authorization design, secure coding practices
- Experience conducting security code reviews and penetration testing
- Proficiency with cloud security in AWS environments
- Strong understanding of compliance frameworks relevant to fintech (SOC 2, PCI DSS, NYDFS)
- Ability to own security projects from conception to completion with minimal oversight
- Excellent written and verbal communication — ability to translate security risk into business impact

Nice to Have:

- Experience in fintech, payments, or financial services
- Experience building or operating security automation tools (SAST/DAST, security review tooling)
- Security Champions program development experience
- Relevant certifications (OSCP, GWAPT, CISSP, or equivalent)
- Experience with bug bounty program management
- Familiarity with AI/ML security considerations (prompt injection, agent identity, credential isolation)

Why This Role

- Dedicated product security engineer — excellent opportunity to define how product security works at Flex
- Direct executive visibility: this role's work is a CTO/CRO priority
- Small team, outsized impact: 4-person security team supporting 100+ engineers
- Strong AI-forward culture: team has shipped AI-powered security review tools and embraces engineering tooling innovation
- Distributed team with async-first culture

Flex takes a market-based approach to pay, and compensation may vary depending on your primary work location. Work locations are categorized into one of three tiers based on a cost of labor index for that geographic area. The successful candidate’s starting pay will be commensurate with their experience, qualifications, and Flex’s internal leveling guidelines and benchmarks.

- Tier A (NYC/SF): $156,000—$195,000 USD
- Tier B: $140,400—$175,500 USD
- Tier C: $132,600—$165,750 USD

#LI-Remote

Life at Flex:

We understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self aware people to grow a successful company. Our HQ is located in New York City, but we have employees located throughout the US, Australia, Canada and South America. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace. We offer many employee benefits & perks.

For full-time U.S.-based positions we offer:

- Competitive medical, dental, and vision available from Day 1
- Company equity
- 401(k) plan with company match (our company match kicks off at the beginning of 2026)
- Unlimited paid time off + 13 company paid holidays
- Parental leave
- Flex Cares Program
- Free Flex subscription

For full time non-US employees, we offer

- Competitive compensation + company equity
- Unlimited PTO

United States
$132K - $195K / year

Senior Security Engineer

Stensul

The platform for collaborative email creation

Full Time, Remote, Team 51-200, H1B No Sponsor

• Plan, develop, implement, and update the company’s information security strategy for infrastructure and software development.
• Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems.
• Identify, define and document system security requirements and recommend solutions to management.
• Configure, troubleshoot and maintain security infrastructure, software and hardware.
• Install software that monitors systems and networks for security breaches and intrusions.
• Monitor systems for irregular behavior and set up preventive measures.
• Educate and train staff on information system security best practices for software development.
• Ensure processes are followed and effective technical feasibility analysis is conducted when developing solutions

Argentina
Job Closed