New York, NY; Remote, US (Hub cities) Hybrid Full-time USD 221,000 – 260,000 / year

Maven Clinic is hiring a Staff Software Engineer - Product Security

Responsibilities

  • Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
  • Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)
  • Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
  • Establish Zero Trust principles and enforce least-privilege access company-wide
  • Develop compliance observability dashboards and automated evidence collection
  • Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
  • Automate onboarding/offboarding, access reviews, and approvals
  • Integrate software-supply-chain security (SBOM, dependency scanning)
  • Develop or adopt AI-assisted security tooling to proactively identify risks
  • Automate policy enforcement, SAST/DAST scans, and compliance verification
  • Lead threat modeling and security architecture reviews for new products and services
  • Partner with product and data teams to embed secure-by-default design patterns
  • Ensure encryption, access tracking, and secure data handling across PHI workflows
  • Contribute to incident response, post-mortems, and continual improvement of security posture
  • Act as Maven’s technical authority for security engineering
  • Mentor peers and promote secure coding and architecture practices
  • Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
  • Champion an engineering culture of transparency, accountability, and continuous improvement

Requirements

  • 8+ years of software engineering experience, including 3+ in security infrastructure or application security
  • Proven ability to design and implement large-scale, distributed, cloud-native systems
  • Strong coding proficiency in Python, TypeScript, Go and/or Rust
  • Deep understanding of cloud security (GCP preferred; AWS/Azure welcome)
  • Experience with Kubernetes, containers, and infrastructure-as-code (Terraform)
  • Familiarity with security testing frameworks and secure SDLC principles
  • Excellent communication and documentation skills

Nice to Have

  • Expertise in Zero Trust architectures, authentication/authorization frameworks, and data-loss prevention
  • Experience with security compliance automation (SOC 2, ISO 27001, PCI-DSS, NIST)
  • Background in data security telemetry and threat detection
  • Familiarity with AI/ML security and AI-assisted analysis tools
  • Exposure to supply-chain security and CI/CD pipeline hardening
  • Certifications (CISSP, GCP Professional Cloud Security Engineer, OSCP) a plus

Benefits

  • Equity
  • Benefits (healthcare, etc.)

Work Arrangement

Hybrid — New York Metropolitan area, NY, San Francisco/Bay Area, CA, Seattle, WA, Boston, DC, Chicago, Seattle, San Francisco

Additional Information

  • Base salary range is $221,000 - $260,000 per year
  • Maven embraces a flexible hybrid work model
  • New York City office: onsite three days a week (Tuesday, Wednesday, Thursday)
  • Boston, DC, Chicago, Seattle, and San Francisco: monthly Work Together Days required
Required Skills
PythonTypeScriptGolangRustKubernetes
Relocating to Thailand?

Visa and work permit handled by experts

SVBL manages your entire visa process — from application to approval. Work permits, extensions, and compliance all covered. One partner for legal, immigration, and settling in.

Work permit processing
Visa extensions & renewals
Immigration compliance
Banking & housing guidance
Get free consultation
Free initial consultation
About company
Maven Clinic
Founded in 2014, Maven is the world’s largest virtual clinic for women and families providing clinical, emotional, and financial support via digital programs spanning fertility & family building, maternity & newborn care, parenting & pediatrics, and menopause.
All jobs at Maven Clinic Visit website
Job Details
Department Product Security
Category security
Posted 4 hours ago