
Product Security Engineer

  • location:

    New York City

  • sector:

    Technology, Cyber Security

  • Contact:

    Bradley Boughton

  • Email:

    bradley.boughton@orbisconsultants.com

  • job ref:

    ProdSec1

  • published:

    6 months ago

  • expiry date:

    2021-05-14

Orbis is partnered with a Healthtech company that has built a platform combining data science and machine learning to connect patients with healthcare providers and solve patient billing and payment. Their technology improves the overall experience of patient billing and engagement, helping patients understand the cost of their care while ensuring providers can thrive in a rapidly changing environment.

As a Product Security Engineer, you will help build the application security program, affecting the whole product lifecycle: from input to architecture through the release process as well as ongoing assessment, triage and remediation of application vulnerabilities. At a fast-growing startup, security cannot be reactive, and so you will be hands-on with our codebase: helping build tools, services and guidance that form the "golden road", so releasing secure software is the easy and obvious path for the rest of our maker community.

Responsibilities:

  • Embed security practices into new and existing CI/CD pipelines
  • Perform security assessments of new products and technologies
  • Evangelize security through participation in design discussions and code reviews
  • Build security solutions not just to mitigate the OWASP Top 10, but to raise the bar on data protection and monitoring
  • Drive technical projects end-to-end, including the integration of secure development standards, tools and processes
  • Perform threat modeling, research and share threat intelligence specific to the business
  • Prioritize remediations and projects based on knowledge of threat, risk and importance to the business 

Required Skills & Experience 

  • 5+ years in technical security roles 
  • Proficient in a few general-purpose programming languages (ideally Python & JavaScript)
  • Experience with penetration tests & application assessments, ideally on both sides of the table
  • Experience performing code audits on internal and open source libraries 
  • Experience with DAST, SAST as well as manual testing techniques
  • Familiarity with AWS operations; this isn't an infrastructure role, but you should be able to advocate for controls at different parts of the stack 

Preferred Qualifications

  • A record of participation in the open-source and security communities
  • Experience building secure APIs and secure data science pipelines
  • Hands-on experience with container and AWS security, and implementing automations with and for these platforms
  • Familiarity with HIPAA, PCI and the unique considerations around health and payments data
  • Experience with vulnerability and threat management activities generally, including bug bounty and external assessment programs
  • Strong communications skills - ability to describe the security of our platform to existing and potential clients would be a big win.

What do we offer to the ideal candidate? 

  • An opportunity to work on a platform that is scaling very rapidly with 200,000 engaged patients a day as of May 2020 
  • A chance to join a high-growth company at an early stage
  • The ability to impact the growth of our company; we value all comments and suggestions
  • Transparency across teams and interaction with multiple departments 
  • Competitive pay, employer-paid healthcare, stock options
  • Daily team lunch and unlimited healthy snacks at our NYC office