Staff Security Engineer

As a Staff Security Engineer, you will support our Head of Security Engineering drive security initiatives strategies all while continuing to push security to the forefront of Thirty Madison! We put our patients first, and at the core of that is providing them extraordinary safety, security and privacy. This is a chance to build it right from the ground up and help us leapfrog beyond our competition. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions.

Comp | Perks | Benefits 

• The base pay range for this position is $184,000 - $253,000 per year** 
• Annual Incentive Plan + Stock Option Package
• Robust and affordable Medical, Dental, and Vision plan options 
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy 

**Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual incentive plan and stock options may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.

What you get to do every day

• Act as a hands-on subject matter expert (SME) for the Detection and Response program, while also taking ownership of broader security initiatives, including Enterprise Security and Product Security at Thirty Madison.
• Design and implement scalable solutions and processes to proactively identify, address, and mitigate security vulnerabilities and risks.
• Conduct research on emerging threats impacting Thirty Madison’s applications and infrastructure.
• Strengthen defense-in-depth strategies by developing secure-by-default frameworks, architectures, and processes.
• Provide mentorship and share security best practices across the organization.
• Collaborate with cross-functional teams to ensure security efforts align with business objectives and integrate smoothly into existing workflows.
• Lead investigations, containment, and remediation of security incidents, ensuring swift resolution.
• Demonstrate strong leadership under pressure, making informed decisions in uncertain situations while coordinating efforts across teams to resolve issues effectively

What you bring to the role 

• Proven expertise in security incident response and detection engineering, with a strong focus on cloud environments.
• Ability to partner closely with the Head of Security to drive forward security initiatives and strategies.
• Experience adopting an automation- and development-driven approach to implement security controls.
• Strong skills in threat modeling and identifying security risks.
• Establish and track key KPIs to ensure the security program remains robust, enabling data-driven decision-making.
• Leadership experience in designing and executing security control strategies, driving iterative design, and taking ownership of security products.
• Exceptional collaboration skills, with the ability to work seamlessly with diverse teams, including engineers, medical professionals, and external partners.
• A proactive mindset with a strong drive to take ownership of issues and solve them independently in a fast-paced, evolving environment.
• A passion for educating and evangelizing security best practices, backed by excellent written and verbal communication skills.
• Several years of experience leading cross-functional initiatives, especially bridging security engineering with infrastructure teams, with a proven track record of delivering impactful projects that align with business objectives.
• Familiarity with Kubernetes and microservices architectures.
• Experience deploying and securing cloud services (e.g., AWS, Azure) with a deep understanding of cloud security principles.
• Strong proficiency in scripting and programming languages (e.g., Python, Bash) for data analysis, automation, and tool development.
• Hands-on experience with Terraform for infrastructure management and automation.

All Company policies and procedures are subject to change without notice based on business needs. This includes, but is not limited to, the locations where we hire remote, hybrid, or onsite employees.

U.S. Applicants Only

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Thirty Madison we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions. Contact us at recruiting@thirtymadison.com to request accommodation.

About Thirty Madison 

Thirty Madison is a family of specialized healthcare brands devoted to creating exceptional outcomes for all. Each of its specialized brands is focused on a specific ongoing condition, and thoughtfully designed to support the unique needs of its community with personalized treatments and care; with Keeps for men's hair loss, Cove for migraine,  Facet for skin conditions, and NURX for sexual health. With empathy at the heart of its innovation, its proprietary care model empowers hundreds of thousands of people with ongoing conditions with the accessible, effective treatments across a lifetime of care. In just four years, we’ve built a number of brands and are continuing to grow rapidly, recently raised a $140m Series C, and are backed by some of the best healthcare and consumer investors, including HealthQuest Capital, Mousse Partners, Bracket Capital, Polaris Partners, Johnson & Johnson, Maveron, Northzone, among others.

We are honored to become Great Place to Work certified and be included on BuiltIn's 2021 list of Best Places To Work in New York City, and Best Midsize Companies To Work For. We've also been recognized by Forbes' Best Startup Employers, being named as one of America's Best Places to Work 2022. This recognition is a true testament to our hardworking team and company culture. As we continue to grow, we pride ourselves on finding passionate individuals who truly embody our core values and mission each and every day. Learn more at ThirtyMadison.com. 

*This employer participates in E-Verify and will provide the federal government with your I-9 Form information to confirm that you are authorized to work in the U.S.*

*Please be aware that there are fraudulent entities who are falsely claiming to be or represent Thirty Madison in order to solicit sensitive personal information or payment. Thirty Madison is not in any way associated with these entities or practices. The safety and integrity of those seeking employment with us is of the utmost importance and we actively work with our legal and security teams to prevent future incidents. 

Thirty Madison will never ask for sensitive information or payment when engaging with job seekers. The entities use many methods to perpetuate these scams, including but not limited to: participating in a text-only interview, using Thirty Madison’s trademarks on their correspondence, or providing you with a seemingly legitimate offer letter. If you suspect you are a victim of this scamming, we encourage you to cease further contact and report the crime to The Federal Trade Commission.