Lead Security Engineer

GoodRx
$135,000 - $288,000

About The Position

GoodRx is the leading prescription savings platform in the U.S. Trusted by more than 25 million consumers and 750,000 healthcare professionals annually, GoodRx provides access to savings and affordability options for generic and brand-name medications at more than 70,000 pharmacies nationwide, as well as comprehensive healthcare research and information. Since 2011, GoodRx has helped consumers save nearly $75 billion on the cost of their prescriptions. Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers, employers, health plans, and anyone else who shares our desire to provide affordable prescriptions to all Americans.

Security is responsible for implementing security measures, monitoring suspicious activity, and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally, Security monitors GoodRx’s organizational systems for end users’ activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly, the team works collaboratively with other departments to improve the organization’s security posture.

Requirements

  • 8+ years of cybersecurity or security engineering experience.
  • Deep expertise in application security, cloud security (AWS/GCP), and modern DevSecOps practices.
  • Prior experience with modern JavaScript frameworks and microservice architecture.
  • Demonstrated experience designing and implementing scalable security architectures.
  • Strong understanding of SDLC, CI/CD pipelines, and secure development practices.
  • Experience conducting enterprise-level risk assessments and incident investigations.
  • Strong analytical thinking and ability to assess ambiguous risk scenarios.
  • Excellent written and verbal communication skills, including ability to influence senior stakeholders.
  • Ability to operate independently and exercise sound judgment on high-impact security decisions.

Nice To Haves

  • Experience working in regulated environments (HIPAA, SOC2, PCI, etc.).
  • Offensive security experience or strong understanding of adversarial techniques.
  • Development experience in any modern programming language is a plus (Python, Rust, Go, etc.).
  • Experience with SSO platforms (Okta, SAML).
  • Experience with SIEM/SOC tooling and observability platforms.
  • CISSP or equivalent security certification.
  • Cloud security certifications (AWS/GCP) preferred.
  • Certified Kubernetes Administrator certification is a plus.

Responsibilities

Security Architecture & Strategy

  • Define and evolve the security architecture across cloud, application, and infrastructure domains.
  • Lead threat modeling and risk analysis for complex systems and new product initiatives.
  • Develop and guide implementation of secure design principles across engineering teams.
  • Evaluate emerging security technologies and recommend strategic adoption.

Risk Management & Governance

  • Perform enterprise-level risk assessments and translate findings into prioritized remediation roadmaps.
  • Define and improve security policies, standards, and control frameworks.
  • Drive alignment of security practices with regulatory and compliance requirements.
  • Provide executive-ready summaries of risk posture and mitigation strategy.

Incident Response & Investigations

  • Lead complex security investigations and incident response efforts.
  • Conduct root cause analysis and implement systemic improvements to reduce future risk.
  • Develop and refine runbooks, playbooks, and response automation.
  • Act as an escalation point for high-impact security events.

DevSecOps & Secure Engineering Enablement

  • Partner with engineering teams to integrate security into the SDLC.
  • Define standards for secure code reviews and static/dynamic analysis.
  • Improve automation for vulnerability scanning, detection, and remediation.
  • Guide cloud security best practices across AWS/GCP environments.

Collaboration & Influence

  • Act as a trusted advisor to engineering leadership and cross-functional partners.
  • Influence technical decisions that balance security, scalability, and delivery speed.
  • Foster strong relationships with vendors and external security partners.
  • Mentor and guide junior security engineers and engineers outside the security team.

Benefits

  • medical, dental, and vision insurance
  • 401(k) with a company match
  • an ESPP
  • unlimited vacation
  • 13 paid holidays
  • 72 hours of sick leave
  • mental wellness and financial wellness programs
  • fertility benefits
  • generous parental leave
  • pet insurance
  • supplemental life insurance for you and your dependents
  • company-paid short-term and long-term disability