Staff Product Security Engineer
Who we are
We’re doxy.me (doc-see-me), the world's most loved telemedicine solution, and we're on a mission to connect the world to the future of healthcare.
We believe that cost and complexity should never be a barrier to telemedicine. That’s why we created a simple, free, and secure telemedicine platform. Since 2013, we’ve grown to more than 1 million healthcare providers from 180+ countries who have clocked over 8 billion minutes of telemedicine sessions to date.
Our goal is to deliver the future of healthcare to every patient and healthcare professional on earth. Help us get there by joining our team of innovators, dreamers, and doers.
We’re a remote-first company with regional hubs for in-person collaboration (Austin, TX; Boston, MA; Charleston, SC; Salt Lake City, UT; and London, UK).
Who you are
We’re seeking a Staff Product Security Engineer who thrives on making an impact by being part of a team that ensures that Doxy.me is safe, secure, and compliant over time with industry standards for security, secure SDLC, and secure operating principles. As an early member of Doxy.me’s Application Security team you will build the technical foundation of the security and privacy of our products long into the future.
What you’ll do
Provide security leadership and guidance within our product engineering teams through developer-led threat modelling and education on security and privacy best practices that prevent the authoring of vulnerabilities.
Coordinate security requirements and standards throughout the product life cycle by working closely with product engineering to manage the vulnerabilities, cryptography, security monitoring, and risk management controls within our application-based products.
Participate in the development of Doxy.me’s DevSecOps security strategy and posture by designing, advocating and helping build secure-by-default CI/CD pipelines and processes.
Develop engineering reference implementations on the topics of security patterns and security guardrails, including how to implement these into software frameworks and the technology stack. Additionally, support and implement security technology and security control design proofs of concept and implementations.
Be a pioneering member of the Doxy.me Information Security Team; liaise with Product and Engineering teams to ensure all product business cases include functional security specs to ensure compliance with information security standards.
Track trends against various metrics that capture the risks, threats, and vulnerabilities within the product environment then prioritise and implement remediation activities for application flaws.
Your skills and experience
A Bachelor's degree in computer science, programming, or a related field, and/or equivalent job experience in lieu of a degree.
Experience working with remote, globally distributed teams
Experience working in organisations that develop software and/or operate managed infrastructure and technology services for their customers
Deep expertise with cloud architecture, particularly with AWS platforms and services (also consider equivalent experience in Azure or GCP), alongside skills within Kubernetes and/or similar container infrastructure
Secure development and application of IaC solutions (Terraform, Helm)
Experience with DevOps tools and processes, such as continuous integration and continuous deployment (CI/CD)
Experience with security testing tools, such as static code analysis and dynamic application security testing (DAST)
Strong understanding of OWASP Top 10, application security vulnerabilities and web security testing methodologies
Understanding of secure coding practices for compliance requirements within SOC2, ISO, HIPAA, HITRUST, etc.
Able to effectively give, receive, and respond to feedback
Eagerness to educate company employees about security measures.
What we can offer you
We have been evolving our benefits since launching in the UK in 2023; we’re continually seeking employee feedback to ensure they deliver real value to everyone and, as such, the below is not a finite, exhaustive list. Alongside a competitive salary, we also offer:
Unlimited PTO
Private medical, optical and dental healthcare through AXA
5% matched company pension
Remote working - we have recently secured a small flexible office workspace in London Liverpool Street. Our current expectations are for teams to meet once per month in office; we would still anticipate a remote-dominant environment going forward
Company equipment (inc. latest laptop) + £500 spending allowance on equipment you can keep
A great, supportive culture. Our employees give us a 4.8 on Glassdoor.
Interview process
1st stage - Chat with our internal recruiter
2nd stage - Hiring Manager interview
3rd stage - Technical interview
4th stage - Meet with our VP of Engineering
Additional information
Doxy.me tech stack
Our products:
Doxy.me: The simple, free, and secure telemedicine solution currently used by over 1,000,000 doctors worldwide and helping over 350,000 patients/day.
dokbot.io: Patient-focused data collection for healthcare.
adhere.ly: Providing healthcare practitioners with the tools to ensure patients complete their course of treatment
Our team: technologists, academics, researchers, and innovators from all over the world. English is the language used in all internal communication.
To ensure HIPAA compliance we perform background checks after extending a job offer
Doxy.me is free
By making Doxy.me free, we support our mission to make telemedicine available to all.