Staff Security Engineer

1 Month ago • 10 Years + • Cyber Security • $200,000 PA - $220,000 PA

Job Summary

Job Description

Pomelo Care is a multi-disciplinary team focused on improving care for moms and babies through a technology-driven platform. They seek an experienced Staff Security Engineer to mature cybersecurity practices, safeguard sensitive healthcare data, and enable secure product development. This role involves leading critical cybersecurity initiatives, developing security solutions, collaborating cross-functionally, and improving SDLC processes. The ideal candidate is a versatile generalist with deep technical expertise and strong software engineering fundamentals.
Must have:
  • Lead and execute critical cybersecurity initiatives (IAM/RBAC, AppSec, Cloud Security, Endpoint Security, CI/CD, supply chain security, SAST/DAST, pen testing, bug bounty, IR, DFIR, SaaS security).
  • Develop and implement security solutions and frameworks.
  • Own and continuously improve secure software development lifecycle (SDLC) processes and tools.
  • Participate directly in incident response activities.
  • 10+ years of hands-on cybersecurity experience with a robust software engineering foundation.
  • Direct hands-on expertise in at least 2-3 key security areas (IAM, Application Security, Cloud Security, CI/CD security, Incident Response).
  • Experience with Google Cloud Platform (GCP), Kotlin, React/Next.js, Swift, Expo, Xcode, Android Studio, yarn, npm, Code Build.
  • Cybersecurity experience in healthcare/startups, familiar with HIPAA, SOC 2 Type 2, HITRUST.
  • Strong technical background in full-stack software development, system architecture, PKI, SAML, JWT, HMAC, MITRE ATT&CK, D3FEND, OWASP Top Ten mitigations.
  • Ability to thrive in agile environments.
  • Strong problem-solving, communication, and collaborative mindset.
Good to have:
  • Relevant industry certifications (e.g., CISSP, CISM, CCSP)
  • OSCP certification
Perks:
  • Competitive healthcare benefits
  • Generous equity compensation
  • Unlimited vacation
  • Membership in the First Round Network

Job Details

About us

Pomelo Care is a multi-disciplinary team of clinicians, engineers and problem solvers who are passionate about improving care for moms and babies. We are transforming outcomes for pregnant people and babies with evidence-based pregnancy and newborn care at scale. Our technology-driven care platform enables us to engage patients early, conduct individualized risk assessments for poor pregnancy outcomes, and deliver coordinated, personalized virtual care throughout pregnancy, NICU stays, and the first postpartum year. We measure ourselves by reductions in preterm births, NICU admissions, c-sections and maternal mortality; we improve outcomes and reduce healthcare spend.

What you'll do

Pomelo Care is seeking an experienced cybersecurity engineer to mature our security practices and contribute to our mission to ensure that our patients, clinicians and partners trust us implicitly. This is an exciting opportunity for someone who shares our commitment to information security to be part of a fast-paced environment that will push you to learn while doing.

As a Staff Security Engineer, you'll be a key player in shaping our security posture, safeguarding sensitive healthcare data and enabling our engineering teams to build secure and compliant products. This role requires a versatile generalist with deep technical expertise, excellent software engineering fundamentals and the agility to thrive in a startup environment.

Key responsibilities will include:

  • Lead and execute critical cybersecurity initiatives, spanning areas like IAM/RBAC, Application Security, Cloud Security, Endpoint Security, CI/CD and supply chain security, SAST/DAST tooling, penetration testing, bug bounty management, Incident Response, DFIR and SaaS security.
  • Develop and implement security solutions and frameworks that proactively mitigate risks and address evolving threats.
  • Collaborate cross-functionally with engineering, product, compliance and executive teams to drive adoption of security best practices.
  • Own and continuously improve secure software development lifecycle (SDLC) processes and tools.
  • Serve as a subject matter expert and mentor, guiding and educating teams on cybersecurity principles, secure coding and threat modeling.
  • Participate directly in incident response activities, investigations and post-incident analysis.
  • Demonstrate humility, entrepreneurial spirit, strong communication skills and comfort contributing to a dynamic, cross-functional environment.

Who you are

  • 10+ years of hands-on experience in cybersecurity with a robust software engineering foundation.
  • Direct hands-on expertise in at least 2-3 key security areas (IAM, Application Security, Cloud Security, CI/CD security, Incident Response, etc.).
  • Curiosity and openness to learn new cybersecurity domains that may not be familiar.
  • Direct experience working in some parts of the full technology stack, including Google Cloud Platform (GCP), Kotlin, React/Next.js, Swift, Expo, Xcode, Android Studio, yarn, npm, Code Build, among others.
  • Previous cybersecurity experience within healthcare environments and startups, demonstrating familiarity with regulatory frameworks (e.g., HIPAA) and supporting security certifications such as SOC 2 Type 2 and HITRUST.
  • Strong technical background including full-stack software development, system architecture and security fundamentals such as PKI, SAML, JWT and HMAC, as well as the MITRE ATT&CK and D3FEND frameworks and OWASP Top Ten mitigations.
  • Proven ability to thrive in agile environments, adapting quickly and wearing multiple hats to help scale security programs.
  • Strong problem-solving skills, excellent communication abilities, and a collaborative mindset.
  • Relevant industry certifications (e.g., CISSP, CISM, CCSP) are highly desirable. OSCP is a big plus.
  • Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders.
