[Remote] Staff Software Engineer - Product Security New York, NY; Remote, US (Hub cities)
Note: This is a remote job open to candidates in the USA. Maven is the world's largest virtual clinic for women and families, dedicated to making healthcare accessible for all. They are seeking a Staff Software Engineer specializing in Product Security to design and implement security infrastructure, ensure compliance, and lead security initiatives across the organization.
Responsibilities
- Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
- Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0 / OPA)
- Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
- Establish Zero Trust principles and enforce least-privilege access company-wide
- Develop compliance observability dashboards and automated evidence collection
- Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
- Automate onboarding/offboarding, access reviews, and approvals
- Integrate software-supply-chain security (SBOM, dependency scanning)
- Develop or adopt AI-assisted security tooling to proactively identify risks
- Automate policy enforcement, SAST/DAST scans, and compliance verification
- Lead threat modeling and security architecture reviews for new products and services
- Partner with product and data teams to embed secure-by-default design patterns
- Ensure encryption, access tracking, and secure data handling across PHI workflows
- Contribute to incident response, post-mortems, and continual improvement of security posture
- Act as Maven’s technical authority for security engineering
- Mentor peers and promote secure coding and architecture practices
- Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
- Champion an engineering culture of transparency, accountability, and continuous improvement
Skills
- 8+ years of software engineering experience, including 3+ in security infrastructure or application security
- Proven ability to design and implement large-scale, distributed, cloud-native systems
- Strong coding proficiency in Python, TypeScript, Go and/or Rust
- Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
- Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
- Familiarity with security testing frameworks and secure SDLC principles
- Excellent communication and documentation skills
- Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention
- Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
- Background in data security telemetry and threat detection
- Familiarity with AI/ML security and AI-assisted analysis tools
- Exposure to supply-chain security and CI/CD pipeline hardening
- Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus
Benefits
- Access to the full platform and specialists, including care for mental health, reproductive health, family planning and pediatrics.
- Whole-self care through wellness partnerships
- Hybrid work, in-office meals, and work-together days
- 16 weeks 100% paid parental leave and new parent stipend (for Mavens who've been with us for 1 year+)
- Annual professional development stipend and access to a personal career coach through Maven for Mavens
- 401K matching for US-based employees, with immediate vesting