Sr. Director, Product Security



New York, NY, USA · Remote
Posted on Saturday, May 11, 2024
Who We Are
Ro is a direct-to-patient healthcare company with a mission of helping as many patients as possible achieve their health goals. Ro is the only company to offer telehealth care, at-home diagnostic testing, labs, and pharmacy services nationwide. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.
Ro was recognized as a CNBC Disruptor 50 in 2022, listed by Inc. Magazine as a Best Place to Work in 2022 for our third consecutive year, and named one of FORTUNE's 2022 Best Medium Workplaces.
Who are you? You are a proven senior leader and hands-on software engineer. You enjoy the balance of leading with mentoring a team of rockstars and rolling up your sleeves to join in troubleshooting and incident response efforts. You can still write and review code. You are a security expert and lifelong learner, well-versed in the latest threats. You are a leader that has a track record of achieving alignment with product and engineering teams, mitigating risks while enabling the business. You subscribe to the shift-left security philosophy, enabling engineers and developers to be secure and mitigate risks early in the software development lifecycle. You are an expert communicator and kind, team player.
You will be working remotely, with required monthly travel to our NYC headquarters.

What You'll Do:

  • Lead the advancement of Ro’s product and platform security functions.
  • Collaborate with key stakeholders across product, engineering, operations, and counsel to integrate trust and security principles throughout the ecosystem.
  • Build upon and maintain our risk management framework to ensure the continual assessment of product and platform security risks. Establish and maintain repeatable patterns and processes that scale.
  • Achieve a shift-left security culture by empowering developers via self-help tools, automated tests throughout the SDLC, threat modeling, and furthering our security-as-code initiatives.
  • Conduct risk assessments of digital healthcare products and underlying platform components, identifying potential vulnerabilities and recommending risk mitigation strategies.
  • Lead the threat modeling, application security, vulnerability disclosure, bug bounty, and client-side security programs.
  • Build, maintain, and execute a robust security education program. Provide training, brownbags, secure code examples, and self-help resources that enable developers to deliver magic.

What You'll Bring:

  • 12+ years of security engineering and hands-on development experience operating a modern tech stack/security tools
  • Demonstrated track record leading product security, application security, and secure software development
  • Master's degree in computer science/engineering or commensurate experience
  • Strong interpersonal skills with the ability to build and maintain alignment with cross-functional partners
  • Proven ability to execute security roadmaps through partnerships with business leaders and project managers
  • Hands-on experience working with contemporary CI/CD development products (e.g. GitLab, GitHub, Jenkins, Sonarqube, Snyk, etc.)
  • Experience in or familiarity with Java, Python, iOS, Android, JavaScript (NodeJS)
The target for this position ranges from $255,400 to $315,500, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary.
Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.
See our California Privacy Policy here.