Our mission is to revolutionize healthcare by building accessible, impactful, and trusted care that people want.
Senior Security Engineer, Enterprise SaaS
Location
Indiana | New York
Posted
45 days ago
Salary
$153.4K - $186K / year
Seniority
Senior
Job Description
Ro
Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 99% of primary care deserts. Ro is consistently recognized as a top workplace in Health Care, in New York, and for Women and Parents—earning more than 20 honors from Fortune, Great Place to Work, and PEOPLE since 2021. In 2025 alone, we ranked top 5 among medium workplaces in Health Care and New York, and top 50 nationwide.
The Role
As a Senior Security Engineer, Enterprise SaaS, you’ll serve as Ro’s hands-on technical lead and builder for SaaS security posture management (SSPM) and data loss prevention (DLP). You’ll define the standards, automation, and monitoring that keep our SaaS platforms secure, compliant, and reliable as the business scales. This role blends architecture with execution: you’ll engineer hands-on solutions and automated workflows while guiding how Ro integrates, governs, and secures numerous SaaS services across the enterprise. You’ll partner across Security Operations, IT, GRC, and Product Security to shape a unified SaaS security strategy that keeps our people productive and patient data protected.
What You’ll Do
- Own the architecture, implementation, and continuous improvement of Ro’s SSPM and DLP platforms driving security maturity across our robust SaaS landscape.
- Define and evolve SaaS security standards, access models, and configuration baselines that balance control with business agility.
- Engineer the SaaS lifecycle: Build scalable SaaS lifecycle automations, ranging from posture monitoring and alerting to end-to-end remediation workflows using Tines or similar orchestration platforms.
- Partner across teams to embed SaaS security into identity management, onboarding/offboarding, and vendor risk processes.
- Collaborate with Security Operations to investigate SaaS-related alerts, ensuring rapid, documented, and systemic remediation.
- Lead the integration of SaaS controls into SIEM and SOAR systems (e.g., Splunk, Tines), ensuring actionable telemetry and streamlined response.
- Contribute to compliance alignment, ensuring SSPM and DLP controls satisfy HIPAA, HITRUST and SOC 2 requirements.
- Mentor peers and share expertise across Security and IT teams, elevating overall SaaS security awareness and discipline.
What You’ll Bring
- 5+ years of experience in Security Engineering or Cloud Security roles, with expertise in SaaS ecosystems, automation, and data protection.
- Proven success implementing and managing SSPM and DLP technologies such as AppOmni, Obsidian, BetterCloud, Nightfall, Netskope, etc.
- A sharp analytical mindset with the ability to ask the right questions to uncover hidden risks, coupled with the judgment to rationalize complex SaaS features against security policies and risk tolerance.
- Demonstrated experience integrating SaaS controls into SIEM/SOAR systems and automating detection, response, and reporting.
- Working knowledge of data classification, privacy, and governance frameworks relevant to healthcare or regulated industries.
- Excellent communication and collaboration skills — able to influence both technical and executive stakeholders.
- A builder’s mindset — practical, automation-oriented, and focused on delivering scalable, measurable outcomes.
- Bonus: direct experience supporting HIPAA, HITRUST or SOC 2 compliance, or prior work securing cloud-first healthcare or fintech environments.
We’ve Got You Covered
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- 401(k) with company match
- Flexible PTO
- Wellbeing + Learning & Growth reimbursements
- Paid parental leave + Fertility benefits
- Pet insurance
- Student loan refinancing
- Virtual resources for mindfulness, counseling, and fitness
The target base salary for this position ranges from $153,400 to $186,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary.
Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.
Ro is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and interview process. If you require a reasonable accommodation in the application or interview process, please contact us at talent@ro.co.
See our California Privacy Policy here.
Benefits
- 401(K), 401(K) matching, Adoption Assistance, Commuter benefits, Company equity, Company-sponsored outings, Continuing education stipend, Dedicated diversity and inclusion staff, Dental insurance, Disability insurance, Diversity manifesto, Volunteer in local community, Family medical leave, Fitness stipend, Flexible Spending Account (FSA), Flexible work schedule, Generous parental leave, Generous PTO, Company-sponsored happy hours, Health insurance, Highly diverse management team, Open door policy, Life insurance, Charitable contribution matching, Mean gender pay gap below 10%, Paid volunteer time, Open office floor plan, Paid holidays, Paid sick days, Partners with nonprofits, Pet friendly, Pet insurance, Promote from within, Remote work program, Return-to-work program post parental leave, Free snacks and drinks, Team based strategic planning, Mandated unconscious bias training, Unlimited vacation policy, Vision insurance, Wellness programs, Some meals provided, Mental health benefits, Diversity employee resource groups, Hiring practices that promote diversity, Fertility benefits, Employee resource groups, Employee-led culture committees, Transgender health care benefits, Abortion travel benefits, Mother's room, Flexible time off, Bereavement leave benefits, Company-wide vacation
More Security Engineer Jobs
• Engineer, implement, and monitor security measures to protect the enterprise
• Configure and troubleshoot security infrastructure devices
• Regularly review configurations and develop improvement plans
• Develop technical solutions and new security tools to help mitigate security findings
• Write comprehensive reports including assessment-based findings, outcomes and recommendations for security enhancement.
• Work closely with Enterprise IT teams on securing Wex's infrastructure and applications
• Mentor other engineers both technically and professionally
Line of Service: Internal Firm Services
Industry/Sector: Not Applicable
Specialism: IFS - Information Technology (IT)
Management Level: Senior Associate
Job Description & Summary
A career in Information Security will give you the opportunity to develop and support our internal security technologies and services across PwC's global network. You will focus on being at the forefront of the design, development, and implementation of information technologies, including hardware, software, and networks that improve the security of our data and networks and protect the firm's intellectual assets.
Basic Qualifications:
Minimum degree required: High school diploma
Minimum years of experience: 4 years.
Preferred Knowledge/Skills:
Demonstrates skills and/or a proven record of success as a team leader for:
- Security Services and Programs:
  - Validate or capture the intent of work efforts through interviews with specialists and inspection of artifacts
  - Question assumptions about the expected benefits and outcomes of efforts and deliverables
  - Seek answers to questions that span different stakeholder groups and teams
  - Escalate obstacles to obtain complete answers and content
  - Maintain detailed tracking of tasks, meetings, remediation, and owners
  - Provide objective assessments and recommendations for improvement
- Demonstrate sufficient knowledge of security topics, market tools, and their use in global environments to be able to interview security specialists and review security artifacts
- Participation in assessments, audits, or inspections of security technologies is a plus
- Conduct meetings, including managing participants with strong points of view, respectfully challenging positions, asking follow-up questions to clarify answers, and detecting disconnects or gaps in answers
- Demonstrate the ability to move forward and take action when faced with ambiguity
- Demonstrate the ability to get up to speed quickly on security and technology topics and collaborate with specialists on inspection efforts
- Participate in and support Lean and Six Sigma resources in activities ranging from Voice of the Customer sessions, value stream creation, customer journeys, and sentiment analysis
- Deliver communications tailored to audiences, adjusting messages according to group dynamics.
- Experience in process improvement.
- IP network protocols, VPN, firewalls, and DNS
- Experience working with one or more cloud service providers: Azure, AWS (preferred)
- Ability to work and interact with diverse API content
- Proven skills using Python and Bash
- Experience working with automation and orchestration tools such as ADO Pipelines, Ansible, Git, and/or Terraform
- Working knowledge of Palo Alto next-generation firewalls
Position characteristics:
- Professional / bilingual English.
- Remote work arrangement.
All qualified persons will be considered for employment at PwC regardless of ethnicity; creed; color; religion; nationality; age; disability; neurodiversity; sexual orientation; gender identity or expression; marital status; or any other status protected by law. PwC is proud to be an inclusive organization and to provide equal opportunities.
- Understand the importance of proper information management
- Knowledge of Information Security and Data Protection
- Proper management of Information Security
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required:
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills: Firewalls, IP Networks, Microsoft Azure
Optional Skills: Accepting Feedback, Active Listening, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Governance, Data Architecture, Data Archiving, Data Flow Mapping, Data Privacy Act, Embracing Change, Emotional Regulation, Empathy, Enterprise Content Management, Incident Response Plan, Inclusion, Information Rights Management (IRM), Information Security, Information Security Governance, Information Security Management System (ISMS), Intellectual Curiosity, IT Infrastructure {+ 11 more}
Desired Languages (If blank, desired languages not specified): English
Travel Requirements: 0%
Available for Work Visa Sponsorship? No
Government Clearance Required? No
Job Posting End Date
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
**For this opportunity, the business is flexible to hire at Sr Consultant II, Lead Consultant, and Expert level depending on qualifications & interview evaluation.**
Allstate Information Security (AIS) is advancing its embedded security product strategy by launching three new engineering teams dedicated to building security controls seamlessly integrated into Allstate’s technology ecosystem. This is an opportunity for an engineer to build tools for other product engineers to improve the security and developer experience of Allstate's SDLC and platforms.
The Software Engineer architects and designs their digital products using modern tools, technologies, frameworks, and systems. This individual will apply a systematic application of scientific and technological knowledge, methods, and experience to the design, implementation, testing, and documentation of software. Software Engineers take pride in building solutions without compromise—demonstrating an unwavering commitment to both developer friendliness and security. The Security Engineering group this position would be a part of is tasked with developing security controls as digital products that enhance or contribute to the enhancement of security within Allstate.
Key Responsibilities
- Participate in the ideation of security controls that challenge the status quo and push the organization to a higher level of embedded security
- Demonstrate technical skills and aptitude needed to meet/exceed delivery velocity expectations as a full stack developer
- Actively learn different technologies as needed for delivery of stories
- Deliver on all phases of development work from initial kick-off, technical setup, application development, and support
- Embrace approach of making collaborative, fast, local decisions; then course correct as/if needed (test/learn/iterate)
- Participate in regular agile meetings (e.g., site standup, product team standup, iteration planning meeting, retrospective, lunch & learns)
- Utilize Paired programming
- Leverage Test-Driven Development
- Establish continuous integration, continuous delivery, and continuous deployment pipelines and practices
- Participate in high-level and low-level component and system designs
- Partner in collaboration and strategy alignment across product portfolios (cross-product) in partnership with product managers, other peers and key stakeholders
Essential Skills
- Minimum of 3 years’ experience delivering production grade applications using (Java, Python, .NET, JavaScript etc.) with measurable impact (e.g., improved performance, reduced incidents)
- Familiarity with tools such as IntelliJ IDE or equivalent, Git, and REST APIs
- Experience building and maintaining CI/CD pipelines that reduced deployment time and increased release frequency without compromising quality
- Knowledge of Agile methodologies (especially Agile XP), including paired programming and test-driven development
- Hands-on experience architecting and deploying distributed systems in the cloud including MicroServices architectures, achieving scalability and uptime targets
Additional Criteria for Lead & Expert Levels:
- Minimum of 1 year of experience coaching or mentoring engineers with evidence of improving team capability
- Proven ability to lead technical design and architecture decisions for complex, distributed systems, resulting in measurable improvements in scalability, security, or performance
- Track record of driving cross-team collaboration to deliver integrated solutions, achieving alignment across multiple product portfolios
Desirable Skills
- Familiarity with OWASP top 10 and MITRE attack framework
- Experience and knowledge in web and API security including authentication, authorization, OAuth, OWASP, OpenID, and SAML
- Experience with behavioral driven development
- Knowledge of LLMs and Machine Learning
- Knowledge of AI-assisted development tools (Copilot, Cursor) and ability to leverage them for productivity gains
Supervisory Responsibilities
- There are no supervisory responsibilities for this role
Skills
Agile Methodology, CI/CD, Java, JavaScript, Microservices Architecture, Microsoft .NET, Python (Programming Language), Software Engineering, Test Driven Development (TDD)
Compensation
Compensation offered for this role ranges from $90,700 - 199,910 annually and is based on experience and qualifications.
The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance. For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizes the major provisions of the Family and Medical Leave Act (FMLA) and tells employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs.
Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
Director, Security & IT
Careforth
Founded in Boston, Careforth's caregiver programs and services improve health outcomes, keeping care at home longer. Additionally, our programs provide financial benefit to caregivers and cost savings to state agencies and health plans. At Careforth, we understand the challenges of caregiving and are committed to supporting family caregivers at every turn. Caregivers play a critical role in the future of healthcare—and so can you.
About Us
A pioneer in the caregiving space, Careforth supports family caregivers across the United States to confidently care for their loved ones at home. Through a combination of in-person home visits, remote coaching and our proprietary digital collaboration app, we provide caregivers with support, guidance, confidence, and connection to resources they need. The Caregivers and families we support stay with Careforth for many years, building lasting relationships along the way. Join us today and live our values: lead with heart, cultivate trust, go beyond.
Position Summary
The Director of Security & IT will lead and mature Careforth's information security and IT infrastructure programs, ensuring the confidentiality and availability of our systems and data in a highly regulated healthcare environment. This senior leader will own our security posture end-to-end — from HIPAA and HITRUST compliance to cloud infrastructure and incident response — while partnering closely with Clinical, Product, Legal, and executive leadership. This role will oversee security strategy, IT operations and vendor risk management, serving as Careforth’s primary voice on security risk and IT resilience.
What You Will Do
• Own and continuously mature Careforth's information security program, ensuring policies and standards align with HIPAA, HITRUST, and applicable state privacy regulations.
• Serve as the primary point of accountability for security risk management, threat monitoring, vulnerability management, and incident response.
• Lead preparation for security audits and regulatory examinations, managing remediation of findings.
• Partner with Legal and Compliance to maintain a robust data governance and privacy framework, including Business Associate Agreements (BAAs) and breach notification procedures.
• Define and execute the IT roadmap, encompassing cloud infrastructure, end-user computing, enterprise applications, and systems reliability.
• Manage vendor risk assessments and third-party security reviews; maintain an up-to-date vendor risk register.
• Oversee IT operations including helpdesk, asset management, identity and access management (IAM), endpoint protection, and network security.
• Drive the adoption of cloud-first and zero-trust architecture principles across the organization (AWS preferred).
• Lead and mentor a high-performing team, fostering a culture of accountability and continuous improvement.
• Develop and present security metrics, KPIs, and risk dashboards to executive leadership and the Board as appropriate.
• Champion security awareness through training programs, phishing simulations, and a culture of shared responsibility.
• Manage IT vendor relationships, contracts, and technology spend to ensure cost-effective, resilient operations.
• Collaborate with the Software Engineering team to embed secure development practices.
• Maintain and regularly test business continuity and disaster recovery plans.
• Perform other duties as assigned
What You Will Bring
• 10+ years of progressive experience in information security, including 3+ years in a people leadership role.
• Strong familiarity with operating IT and telecommunications systems.
• Deep expertise in HIPAA/HITRUST compliance and healthcare data privacy requirements; experience operating in a regulated healthcare or health tech environment is strongly preferred.
• Strong knowledge of security frameworks such as NIST CSF, ISO 27001, and SOC 2 Type II.
• Hands-on experience securing cloud-based environments and SaaS platforms (AWS preferred).
• Proven track record leading incident response, forensic investigations, and disaster recovery planning.
• Familiarity with secure software development practices and ability to partner effectively with engineering teams.
• Experience with IAM platforms, endpoint detection and response (EDR) tools, and SIEM/log management solutions.
• Exceptional communication skills; able to translate complex technical risk into clear business language for non-technical stakeholders including executive leadership.
• Bachelor's degree in a related field or equivalent work experience; CISSP, CISM, CISA certification preferred.
You'll Benefit From
At Careforth your well-being matters. With flexible schedules, a remote-first culture, and a nationally recognized wellness program, our benefits are designed to help you thrive, both professionally and personally. Discover how we invest in you: https://careforth.com/careers/#benefits
The pay range for this position is $133,900 - $214,337. The actual wage offered may be lower or higher depending on budget and candidate experience, knowledge, skills, qualifications, and geographic location.
#LI-Remote (except for CA)
Join Our Award Winning Team
Founded in Boston, Careforth's caregiver programs and services improve health outcomes, keeping care at home longer. Additionally, our programs provide financial benefit to caregivers and cost savings to state agencies and health plans. At Careforth, we understand the challenges of caregiving and are committed to supporting family caregivers at every turn. Caregivers play a critical role in the future of healthcare—and so can you. Apply now! For more information, please visit www.Careforth.com.
Careforth is an Equal Opportunity Employer*
DISCLAIMER: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job.
*Careforth supports families with diverse backgrounds and as an equal opportunity employer, we seek employees who reflect the diverse population we serve. Careforth complies with all applicable laws concerning hiring and employment practices and is firmly committed to fostering and maintaining a workplace free from discrimination. We pledge to hire, train, and promote our employees without regard to race, religion, gender, gender identity, genetic information, age, national origin, sexual orientation, disability, veteran status, or any other category protected by applicable law.
Careforth strives to create experiences that are accessible and welcoming to everyone, including making www.careforth.com and the careers site accessible to any and all users. If you would like to contact us regarding the company’s diversity, equity and inclusion initiatives, inquire about a specific accessibility need or the accessibility of our website, or if you need assistance completing an application process, please contact People & Culture at 866-797-2333.


