Job Closed
This listing is no longer active.
Affordable healthcare for everyone.
Lead Security Engineer
Location
California | New York | Washington
Posted
107 days ago
Salary
$135K - $288K / year
Seniority
Senior
Job Description
Lead Security Engineer
GoodRx
- Define and evolve the security architecture across cloud, application, and infrastructure domains.
- Lead threat modeling and risk analysis for complex systems and new product initiatives.
- Develop and guide implementation of secure design principles across engineering teams.
- Evaluate emerging security technologies and recommend strategic adoption.
- Perform enterprise-level risk assessments and translate findings into prioritized remediation roadmaps.
- Define and improve security policies, standards, and control frameworks.
- Drive alignment of security practices with regulatory and compliance requirements.
- Provide executive-ready summaries of risk posture and mitigation strategy.
- Lead complex security investigations and incident response efforts.
- Conduct root cause analysis and implement systemic improvements to reduce future risk.
- Develop and refine runbooks, playbooks, and response automation.
- Act as an escalation point for high-impact security events.
- Partner with engineering teams to integrate security into the SDLC.
- Define standards for secure code reviews and static/dynamic analysis.
- Improve automation for vulnerability scanning, detection, and remediation.
- Guide cloud security best practices across AWS/GCP environments.
- Act as a trusted advisor to engineering leadership and cross-functional partners.
- Influence technical decisions that balance security, scalability, and delivery speed.
- Foster strong relationships with vendors and external security partners.
- Mentor and guide junior security engineers and engineers outside the security team.
Job Requirements
- 8+ years of cybersecurity or security engineering experience
- Deep expertise in application security, cloud security (AWS/GCP), and modern DevSecOps practices
- Prior experience with modern JavaScript frameworks and microservice architecture
- Demonstrated experience designing and implementing scalable security architectures
- Strong understanding of SDLC, CI/CD pipelines, and secure development practices
- Experience conducting enterprise-level risk assessments and incident investigations
- Strong analytical thinking and ability to assess ambiguous risk scenarios
- Excellent written and verbal communication skills, including ability to influence senior stakeholders.
- Ability to operate independently and exercise sound judgment on high-impact security decisions.
- Experience working in regulated environments (HIPAA, SOC2, PCI, etc.) preferred.
- Offensive security experience or strong understanding of adversarial techniques.
- Development experience in any modern programming language is a plus (Python, Rust, Go, etc.).
- Experience with SSO platforms (Okta, SAML).
- Experience with SIEM/SOC tooling and observability platforms.
- CISSP or equivalent security certification.
- Cloud security certifications (AWS/GCP) preferred.
- Certified Kubernetes Administrator certification is a plus.
Benefits
- medical, dental, and vision insurance
- 401(k) with a company match
- ESPP
- unlimited vacation
- 13 paid holidays
- 72 hours of sick leave
- mental wellness programs
- financial wellness programs
- fertility benefits
- generous parental leave
- pet insurance
- supplemental life insurance for you and your dependents
- company-paid short-term and long-term disability



