Director of Security Engineering
Oscar is looking for a Director of Security Engineering to join their Engineering team and help lead major security program functions.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 and headquartered in New York City. Our goal is to make health insurance simple, transparent, and human. We need your help to do so.
Taking care of our Members includes securing their data and ensuring business operations are resilient to threats related to computer and kinetic events. The mission of the Security team is to protect the data our customers have entrusted to us, and make it possible for Oscar management to make informed, risk-calibrated decisions.
About the Role
- Own one of the major security program functions, that builds software and automation to make security goals easier for Engineering, Security, and the rest of the company. Participate in security-focused software development in collaboration with Engineering and while adhering to regular Engineering practices, technologies, and platforms. Test existing and prospective applications so their weaknesses are known before they are subject to attack.
- The Director of Security Engineering will specifically manage the following program components:
- Application Security
- Penetration Testing
- Infrastructure Security
- Identity and Access Management (IAM)
- Maintaining a trusted and constructive collaboration with Oscar’s Engineering organization
- Build a team designed to deliver value across the programmatic areas of responsibility with a company-wide scope of impact
- Ultimately manage a team of approximately 8 people, consisting of other engineers supporting your objectives for protecting the company and its Members
- Build and maintain mutual trust with key stakeholders in the company, such as Engineering, Product, Data, and Compliance
- Work with multiple technology teams including the product teams creating Oscar’s industry leading offerings, technology infrastructure teams, IT support, and more.
- In their day-to-day, this role would be meeting with senior technology leadership on any number of key initiatives, providing technology guidance and business insight to their reports, rolling up their sleeves to partner with their team in building and deploying security solutions, working with compliance and governance roles to ensure the company’s software and systems are resilient and tested against threats.
- Security Enablement Services - Produce Netflix-model roadmap for delivering security support to Engineering and elsewhere in the company, with drive toward secure-by-default as a primary goal, self-service tooling as a secondary goal, and consulting as a tertiary goal to integrate security while minimizing or reducing friction.
- IAM - continue work initiated by MAR, to automate and scale the method developed to conduct routine access review, identify hot spots for access management focus.
You’d succeed in this role if you:
- 8+ years experience in security engineering, or a combination of time spent in software engineering and security experience
- Deep understanding of enterprise identity management, and building IAM platforms
- Strong collaborator; familiar with successful models bridging Engineering and Security priorities
- History of transformative work serving internal customers by delivering secure-by-default and self-service options to meet security goals
- Are familiar with government and regulatory agencies that oversee the healthcare industry.
- Are an expert in Cloud security practices and solutions for major CSPs.
- AWS, Terraform, Mesos, Phabricator, JIRA
- Communicate effectively with executive leadership. Engage with company leadership in person and in writing.
- Build risk assessment frameworks
- Write policies
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.
We encourage our members to care for their whole selves, and we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, and volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (email@example.com) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.