Product Security Engineer
Cedar
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About Cedar
Cedar's mission is to leverage data science, smart product design and personalization to make healthcare more affordable and accessible. The US healthcare system is a leading cause of personal bankruptcy, with over 50 million Americans facing adverse financial consequences annually. Cedar aims to deliver a superior experience by applying consumer best practices to healthcare provider engagement, addressing the growing challenge of high deductible health plans.
The Role of a Product Security Engineer
Security at Cedar is about building solutions, not barriers. We are seeking a Product Security Engineer who is fundamentally a developer. This role involves writing code, building infrastructure, and shipping internal products to make secure development the easiest path for our engineers. You will partner pragmatically with Maker teams to safely ship high-value features efficiently, addressing high-risk, high-value workflows across product, infrastructure, and integrations.
What You'll Solve
Here’s an example project a Product Security Engineer recently shipped:
Problem: Developers needed to troubleshoot a workflow requiring access-restricted, sensitive data in logs to reproduce issues. The previous method of tracing identifiers through multiple systems was slow and labor-intensive, delaying patient care.
Solution: Instead of simply restricting access, a reusable, custom logger was built to safely accommodate sensitive data. This logger can be temporarily enabled, stored, and analyzed securely.
Impact: This solution, tested with a product team, resolved a key friction point. It significantly increased developer velocity and enhanced Cedar’s security posture by eliminating the need for developers to log sensitive information insecurely.
What You'll Do
- Build Security Tooling: Architect robust tools using Terraform, Bash, Go, or Python. Implement automation with gRPC, GraphQL, and HTTP to reduce manual security toil and developer friction.
- Architect for Scale: Collaborate directly with product engineers to co-design features, integrating security from the initial design phase rather than as an afterthought.
- Pave the Road: Review Infrastructure-as-Code (Terraform) and IAM roles. Beyond identifying flaws, you will propose code-ready improvements that educate developers and streamline future deployments.
- Advise, Don't Block: Act as a trusted advisor. When vulnerabilities are discovered, you will not only report them but also help scope practical fixes based on risk assessment and business context.
About You
- Developer First: Substantial experience in software development, comfortable writing production-ready code (Python and Go preferred, but all backgrounds welcome).
- Pragmatic: Understands that perfect security is unattainable and can effectively weigh security risks against business goals, communicating trade-offs to non-security stakeholders.
- Proactive: Identifies vulnerability patterns and builds systemic fixes or libraries to prevent entire classes of bugs, rather than waiting for tickets.
- Cloud Knowledge: Deep familiarity with AWS infrastructure best practices, IAM, and containerization.
- Teacher: Collaborative by default, excited about enabling software developers.
Bonus Points
- Experience creating developer-focused security libraries or CLI tools.
- Familiarity with HIPAA, PCI, or securing fintech/payment data.
- Participation in CTFs, bug bounties, or open-source security contributions.
Compensation and Benefits
The Product Security Engineer role offers a competitive salary range of $157,250 - $185,000, equity eligibility, and a comprehensive benefits package. Cedar is dedicated to improving the U.S. healthcare system through a high-growth financial platform, engaging 26 million patients annually and processing $3.5 billion in payments. Benefits include unlimited PTO, 16 weeks paid parental leave, diversity initiatives, competitive health benefits (fertility & adoption assistance), 401(k) matching up to 3%, and extensive learning and development resources. Most roles offer flexible work arrangements.
Key Skills/Competency
- Product Security
- Software Development
- AWS Infrastructure
- IAM
- Containerization
- Python
- Go
- Terraform
- Security Automation
- Risk Assessment
- Secure Development
How to Get Hired at Cedar
- Research Cedar's culture: Study their mission in healthcare fintech, values, recent funding ($350M from Thrive, Andreessen Horowitz), and employee testimonials on LinkedIn and Glassdoor.
- Tailor your resume: Highlight software development skills, experience with AWS, IAM, and infrastructure-as-code. Showcase projects where you built security tooling or integrated security proactively.
- Emphasize pragmatic security: Prepare to discuss instances where you balanced security risks with business goals, demonstrating a "developer-first" and solution-oriented approach.
- Showcase technical depth: Be ready for in-depth questions on Python/Go, AWS services, container security, and how you approach secure system design and vulnerability remediation.
- Illustrate collaborative impact: Share examples of how you've mentored developers, improved security posture through education, and acted as a trusted advisor, not a blocker.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background