Staff Software Engineer - Product Security

What You’ll Do

Security Platform Engineering

• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance
• Build and maintain systems for identity, authentication, and access management (Okta / GCP IAM / Auth0/ OPA)
• Implement observability and anomaly detection across microservices, data stores, and SaaS platforms
• Establish Zero Trust principles and enforce least-privilege access company-wide
• Develop compliance observability dashboards and automated evidence collection

Security Automation & Tooling

• Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)
• Automate onboarding/offboarding, access reviews, and approvals
• Integrate software-supply-chain security (SBOM, dependency scanning)
• Develop or adopt AI-assisted security tooling to proactively identify risks
• Automate policy enforcement, SAST/DAST scans, and compliance verification

Application & Data Security

• Lead threat modeling and security architecture reviews for new products and services
• Partner with product and data teams to embed secure-by-default design patterns
• Ensure encryption, access tracking, and secure data handling across PHI workflows
• Contribute to incident response, post-mortems, and continual improvement of security posture

Leadership & Collaboration

• Act as Maven’s technical authority for security engineering
• Mentor peers and promote secure coding and architecture practices
• Partner cross-functionally (Engineering, Compliance, Clinical, Legal) to align on security strategy
• Champion an engineering culture of transparency, accountability, and continuous improvement

What You’ll Bring

Required

• 8+ years of software engineering experience, including 3+ in security infrastructure or application security
• Proven ability to design and