Hims & Hers is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal, from diagnosis to treatment to delivery. No two people are the same, so we provide access to personalized care designed for results. By normalizing health & wellness challenges and innovating on their solutions, we’re making better health outcomes easier to achieve.

In Short

Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications
Perform code reviews and provide secure coding guidance to development teams
Implement and maintain GitHub Advanced Security, including secret scanning and code scanning
Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform
Evaluate container security in our Docker and Kubernetes environments
Support CI/CD security integration and automation
Conduct penetration testing and red team/purple team exercises on applications
Review and secure API implementations, with focus on GraphQL security
Evaluate AI/ML model security and implement protections against prompt injection and other AI-specific threats
Collaborate with the Staff AppSec Engineer on CIAM and advanced AI security initiatives

Requirements

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
5-8 years of experience in application security or a related security field
Hands-on coding experience and ability to review code in multiple languages
Professional experience with SAST tools (e.g., SonarQube, Checkmarx, Fortify)
Professional experience with DAST tools (e.g., Burp Suite, OWASP ZAP)
Professional experience with SCA tools (e.g., Snyk, Black Duck, WhiteSource)
Experience with GitHub Advanced Security features
Container security scanning and IaC security scanning tools experience
Strong understanding of OWASP Top 10 and secure coding practices
Experience with penetration testing methodologies
Knowledge of security frameworks: NIST CSF, NIST 800-53, SOC 2, PCI DSS
Excellent communication skills to articulate security findings to technical and non-technical stakeholders

Benefits

Competitive salary & equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
401k benefits with employer matching contribution
Offsite team retreats

Hims & Hers

Hims & Hers Health, Inc. is a leading health and wellness platform dedicated to enhancing the well-being of individuals through innovative telehealth solutions. The company focuses on making personalized health products and services accessible, offering a range of nonprescription and prescription solutions for various health conditions, including mental health, sexual health, hair care, skincare, and heart health. As a publicly traded company on the NYSE under the ticker symbol 'HIMS', Hims & Hers is committed to continuous innovation in the healthcare space, promoting a culture that values flexibility, inclusivity, and exceptional patient care.

Share This Job!

Save This Job!

Jobs from Hims & Hers:

Compensation Analyst

Compensation Analysis

JOB Evaluation

Data Analysis

Medical Director, Canada

Medical Degree

Canadian Medical License

Clinical Experience

Lead Data Analyst, Operations, Quality