Your may know how to hack, which is great, but we’re looking for more. We want you to teach our team how to protect our product, and we expect you to break it, destroy it and raise the bar. Our goal is to have ZERO security bugs in our product. Impossible? Maybe.
What you will do:
As a Product Security Engineer, you’ll provide guidance and lead our Secure SDLC program.
Among those responsibilities:
- Conduct manual penetration testing against Vim’s applications and APIs.
- Provide guidance on prioritization and remediation of security issues.
- Provide guidance on secure SDLC implementation.
- Assess the application design and architecture against security best practices.
- Perform threat modeling of new and existing applications.
- Assess the risks of new initiatives and features.
- Mentor development teams through training, brown bags, and hackathons.
- Build and automate security testing as part of Vim’s CICD pipeline.
What we are looking for:
- 5+ years of relevant experience
- Experience with application security and hands-on penetration testing
- Experience in application development with at least one modern programming language.
- Knowledge of DevOps and DevSecOps practices (including CICD security controls)
- Experience performing code reviews
- Knowledge of web application architectures
- Knowledge of threat modeling
- Cloud technology, specifically AWS
Vim is building a value-driven platform for aligning incentives and connecting patients with the best providers for their needs. We curate virtual networks of top providers, guide patients to our network through online booking, and empower providers to make the best decisions for their patients at the time of a referral.
We are headquartered in San Francisco, with R&D in Tel Aviv, and are backed by Sequoia, GreatPoint Ventures, Optum Ventures, and large BCBS payers. Our customers include health plans and physician-led healthcare systems.
By inputting your information and clicking “Submit Application”, you acknowledge that you have read and agree to Vim’s Candidate Privacy Notice.