Senior Director, Product Security
1PasswordSalary not specified
Full Time
Expert & Leadership (9+ years)
$180,000 – $250,000Compensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
SoftwareIndustries
Requirements
- 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams
- Strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred)
- Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python)
- Demonstrated success leading vulnerability management programs
- Deep experience with tools and processes used to secure the SDLC (SAST, DAST, SCA, CI/CD pipeline integration)
- Proven ability to run effective threat modeling exercises
- Excellent communication skills
- Experience securing platforms in a regulated healthcare environment and familiarity with HIPAA and HITRUST controls
- Background in running external-facing security programs (bug bounty, responsible disclosure, customer security reviews)
- Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform
- Experience navigating compliance frameworks beyond healthcare (ISO 27001 or SOC 2)
Responsibilities
- Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams
- Define and execute the application security roadmap
- Serve as a technical leader and mentor, guiding architectural decisions
- Evolve the secure SDLC through the implementation of SAST, DAST, and SCA tooling
- Champion and guide the strategy for modern access control (JIT access, least-privilege initiatives)
- Oversee key security programs (threat modeling, bug bounty, penetration testing, vulnerability management)
- Partner with engineering and product leaders to ensure security and privacy are designed into products
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
Is this a remote position?
Yes, this is a remote role reporting to the Chief Information Security Officer.
What experience is required for this role?
Candidates need 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams, plus a strong track record of building and scaling Application Security programs in cloud-native SaaS environments.
What technical skills are essential for this position?
Hands-on proficiency in modern programming languages like Go and Python is required, along with deep experience in SAST, DAST, SCA tools, vulnerability management, threat modeling, and securing SDLC in cloud-native environments.
What is the team culture like?
The role involves managing, mentoring, and growing the Application Security, Vulnerability Management, and Security Assessment teams, while fostering a culture of engineering excellence and proactive security ownership.
What makes a strong candidate for this role?
A strong candidate has experience securing platforms in regulated healthcare environments with HIPAA and HITRUST familiarity, running bug bounty programs, and partnering with engineering to embed security early, plus excellent communication skills for technical and executive audiences.
Included Health
Healthcare advocacy and specialized care services
About Included Health
Included Health focuses on enhancing the healthcare experience for individuals who often face challenges in accessing quality care. The company provides a variety of services, including primary care, behavioral health, and virtual care, ensuring that members receive timely and appropriate treatment. Their model emphasizes 24/7 on-demand care with a diverse group of providers, allowing for personalized support tailored to complex health needs. Unlike many competitors, Included Health prioritizes underserved populations and partners with employers and consultants to deliver comprehensive healthcare solutions that not only improve health outcomes but also help reduce costs. The ultimate goal of Included Health is to make quality healthcare accessible and understandable for everyone, particularly those who have been overlooked by traditional healthcare systems.
San Francisco, CaliforniaHeadquarters
2020Year Founded
$337.5MTotal Funding
GROWTH_EQUITY_VCCompany Stage
HealthcareIndustries
51-200Employees
Benefits
Along with comprehensive medical, dental and vision plans; all employee spouses and children can access Included Health services at no cost. For time off, take it when you need it with our unaccrued discretionary time off for all exempt employees.
Risks
Competition from Teladoc and Amwell threatens market share.
Post-merger integration challenges could affect service delivery.
Regulatory scrutiny on telehealth may impact operational flexibility.
Differentiation
Included Health offers integrated primary and behavioral health services.
They provide 24/7 on-demand care with diverse providers.
Their data-driven approach enhances healthcare outcomes and reduces costs.
Upsides
Rising demand for telehealth boosts Included Health's virtual care services.
Employers investing in healthcare benefits expand Included Health's client base.
Value-based care models align with Included Health's focus on outcomes.
Related Jobs
RemoteRemoteApplication Security Lead
Accurate BackgroundSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemotePrincipal Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Program Manager
OpenAISalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteEngineering Manager, Password Manager
1PasswordSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)