Staff Security Engineer

What you'll do

Pomelo Care is seeking an experienced cybersecurity engineer to mature our security practices and contribute to our mission to ensure that our patients, clinicians and partners trust us implicitly. This is an exciting opportunity for someone who shares our commitment to information security to be part of a fast-paced environment that will push you to learn while doing.

As a Staff Security Engineer at Pomelo Care, you'll be a key player in shaping our security posture, safeguarding sensitive healthcare data and enabling our engineering teams to build secure and compliant products. This role requires a versatile generalist with deep technical expertise, excellent software engineering fundamentals and the agility to thrive in a startup environment.

Key responsibilities will include:

• Lead and execute critical cybersecurity initiatives, spanning areas like IAM/RBAC, Application Security, Cloud Security, Endpoint Security, CI/CD and supply chain security, SAST/DAST tooling, penetration testing, bug bounty management, Incident Response, DFIR and SaaS security.
• Develop and implement security solutions and frameworks that proactively mitigate risks and address evolving threats.
• Collaborate cross-functionally with engineering, product, compliance and executive teams to drive adoption of security best practices.
• Own and continuously improve secure software development lifecycle (SDLC) processes and tools.
• Serve as a subject matter expert and mentor, guiding and educating teams on cybersecurity principles, secure coding and threat modeling.
• Participate directly in incident response activities, investigations and post-incident analysis.
• Demonstrate humility, entrepreneurial spirit, strong communication skills and comfort contributing to a dynamic, cross-functional environment.

Who you are

• 10+ years of hands-on experience in cybersecurity with a robust software engineering foundation.
• Direct hands-on expertise in at least 2-3 key security areas (IAM, Application Security, Cloud Security, CI/CD security, Incident Response, etc.).
• Curiosity and openness to learn new cybersecurity domains that may not be familiar.
• Direct experience working in some parts of the full technology stack including Google Cloud Platform (GCP), Kotlin, React/Next.js, Swift, Expo, XCode, Android Studio, yarn, npm, Code Build, among others.
• Previous cybersecurity experience within healthcare environments and startups, demonstrating familiarity with regulatory frameworks (e.g., HIPAA) and supporting security certifications such as SOC 2 Type 2 and HITRUST.
• Strong technical background including full stack software development, system architecture and security fundamentals such as PKI, SAML, JWT, HMAC as well as MITRE ATT&CK and D3FEND frameworks and OWASP top ten mitigations.
• Proven ability to thrive in agile environments, adapting quickly and wearing multiple hats to help scale security programs.
• Strong problem-solving skills, excellent communication abilities, and a collaborative mindset.
• Relevant industry certifications (e.g., CISSP, CISM, CCSP) are highly desirable. OSCP is a big plus.
• Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders.

This role plays a pivotal part in fortifying Pomelo Care's security foundation, ensuring the confidentiality, integrity and availability of our information assets. If you are a seasoned security professional, we invite you to join our dynamic team and contribute to our ongoing commitment to information security excellence.

Why you should join our team

By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it.

We strive to create an environment where employees from all backgrounds are respected. We also offer:

• Competitive healthcare benefits
• Generous equity compensation
• Unlimited vacation
• Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.