Security Engineer II, Enterprise

Job not on LinkedIn

October 1

Apply Now

Receive Emails with Similar Jobs

GoodRx

WebsiteLinkedInAll Job Openings

Healthcare Insurance • Pharmaceuticals • B2C

GoodRx is a company that helps consumers in the United States save money on their prescription medications. They provide a platform that allows users to compare drug prices and find the lowest costs at pharmacies in their area. GoodRx aims to make prescription medications more affordable for individuals by offering discounts and coupons.

501 - 1000 employees

Founded 2011

⚕️ Healthcare Insurance

💊 Pharmaceuticals

👥 B2C

💰 $100M Private Equity Round on 2020-09

📋 Description

• Embed security controls into application architecture and code reviews • Own vulnerability management for applications and microservices • Provide guidance on secure authentication, authorization, secrets management, and data security • Perform risk analysis across the production environment to identify internal and external threats • Provide security systems technology support for implementation, installation, and maintenance of security tooling, processes, procedures and runbooks • Evaluate, enhance, and improve application security automation within CI/CD pipelines to detect and remediate security issues early • Monitor, analyze, and triage alerts and logs from security platforms (Falcon, Palo Alto, Fortinet, Cisco, Snort, Proofpoint, Google Workspace, MS365, GCP, AWS) • Stay current on emerging threats, vulnerabilities, and threat actor behaviors and apply knowledge to improve detection and response • Investigate potential threats and participate in incident response activities, including root cause analysis and remediation • Evaluate, enhance and support internal threat modeling and penetration testing programs • Provide security oversight in engineering architecture reviews and development processes • Collaborate with Engineering, IT, Infrastructure, and Compliance teams to implement security controls aligned with frameworks like NIST, HiTrust, and CIS • Research and support onboarding of new tools and systems into the security stack • Maintain production security procedures and metrics and develop regular security training • Triage, remediate, and escalate security alerts/events/reports and participate in audit processes • Drive continuous improvement by identifying automation opportunities and enhancing detection and response capabilities

🎯 Requirements

• Minimum 2 years experience in application security, or similar security roles • Expertise in cloud environments • Development experience in any modern programming language (Python, Go, etc.) • Familiarity with software development lifecycle (SDLC) processes and source control technologies • Experience with supply chain security (dependency management, SBOMs) • Exposure to container and CI/CD security (Kubernetes, GitHub Actions, etc.) • Exposure to offensive security expertise and penetration testing certifications, such as (OSWE, OSCP+, etc.) are highly desirable • Comfortable writing detection queries and scripts • Familiarity with regulatory frameworks such as SOC 2, CIS, or HiTrust • Knowledge of common attack vectors and MITRE ATT&CK framework • Experience with SSO platforms, such as Okta and SAML are a plus • Experience with AWS, GCP, CDN/edge security tools and services are a plus • Availability to travel if needed • Experience with automation frameworks or scripting in Python, PowerShell, or Bash • Security certifications such as Security+, GCIA, GCIH, CEH, or Palo Alto PCNSE

🏖️ Benefits

• Annual cash bonuses or commission • Annual equity grants for most positions • Medical, dental, and vision insurance • 401(k) with a company match • Employee Stock Purchase Plan (ESPP) • Unlimited vacation • 13 paid holidays • 72 hours of sick leave • Mental wellness and financial wellness programs • Fertility benefits • Generous parental leave • Pet insurance • Supplemental life insurance for you and your dependents • Company-paid short-term and long-term disability