Staff Security Engineer

About Maven Clinic

Maven Clinic is the world's largest virtual clinic for women and families. Their award-winning digital programs integrate clinical, emotional, and financial support, serving areas from fertility and family building to maternity, newborn care, parenting, pediatrics, and menopause.

With recognition from Time, CNBC, Fast Company, and FORTUNE, Maven Clinic has revolutionized healthcare for over 2,000 employers and health plans.

What You’ll Do

Security Platform Engineering: Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance; build and maintain identity, authentication, and access management systems using Okta, GCP IAM, Auth0, and OPA; implement observability and anomaly detection across systems; establish Zero Trust principles; and develop compliance dashboards with automated evidence collection.

Security Automation & Tooling: Create self-service security tools integrated with developer workflows (GitLab CI/CD, Terraform); automate onboarding/offboarding and access reviews; integrate software-supply-chain security measures; develop AI-assisted security tooling; and automate policy enforcement including SAST/DAST scans.

Application & Data Security: Lead threat modeling and security architecture reviews, partner with product and data teams for secure design, ensure encryption and secure data handling across PHI workflows, and contribute to incident response and post-mortems.

Leadership & Collaboration: Act as Maven’s technical authority in security; mentor peers; collaborate cross-functionally with Engineering, Compliance, Clinical, and Legal teams; and promote an engineering culture of transparency and continuous improvement.

What You’ll Bring

8+ years of software engineering experience with at least 3 years in security. Must have strong coding skills in Python, TypeScript, Go, or Rust; deep understanding of cloud security (GCP preferred); experience with Kubernetes, containers, and infrastructure-as-code using Terraform; and excellent communication and documentation skills.

Preferred qualifications: Expertise in Zero Trust architectures, security compliance automation (SOC 2, ISO 27001, etc.), data security telemetry, AI/ML security, supply-chain security, and certifications such as CISSP, OSCP, or GCP Professional Cloud Security Engineer.

Benefits and Work Arrangement

The role offers a competitive base salary ($221,000 - $260,000 per year), equity, and benefits including comprehensive health plans, wellness support, professional development, 401K matching, and flexible hybrid work across the New York Metropolitan area and select other cities.

Key skills/competency

• Security
• Compliance
• Cloud
• Automation
• Zero Trust
• Infrastructure
• DevSecOps
• Risk
• Incident Response
• Identity Management