Principal Software Engineer Security

GoodRx is the leading prescription savings platform in the U.S.Trusted by more than 25 million consumers and 750000 healthcare professionals annually GoodRx provides access to savings and affordability options for generic and brandname medications at more than 70000 pharmacies nationwide as well as comprehensive healthcare research and information. Since 2011 GoodRx has helped consumers save nearly $75 billion on the cost of their prescriptions.

Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers employers health plans and anyone else who shares our desire to provide affordable prescriptions to all Americans.

Principal Security Engineer

About the Role

GoodRx is looking for a handson Principal Security Engineer to keep information secure and eliminate risks across our products and internal systems. This individual will collaborate with GoodRxs Sr. Security Engineering manager security engineering team and the larger organization to ensure our services are well vetted and maintained. The Principal Security Engineer will have a strong technical background in programming languages a strong multitasker and a proactive mindset. The Principal Security Engineer will work on remediating vulnerabilities reduce risk and partner with other teams to deliver a best in class security service.The ideal candidate is a software engineer with a strong technical foundation in coding system design and problemsolving who either has prior experience in security or a demonstrated interest in the field. They should be eager to apply their engineering expertise to security challenges staying up to date with emerging threats and best practices to help build secure resilient systems.

Responsibilities:

• Serve as a technical security leader within the security engineering team

• Advocate for a strong security culture within the engineering teams throughout the organization

• Provide support for issues that require escalation and resolve complex issues

• Ability to incorporate contextual awareness and risk to provide sound security solutions

• Design and implement application security automation within CI/CD pipelines to detect and remediate security issues early

• Architect develop and optimize securitycentric software solutions

• Perform risk analysis across the enterprise and production environments to identify and remediate both internal and external threats

• Develop and support an internal penetration testing program

• Provide advanced security systems technology support as it applies to the installation and maintenance of security tooling processes procedures and runbooks

• Maintain and advise on security technologies and tools

• Provide technical mentorship and security training to engineers and developers across the organization

• Provide systems support with respect to building or improving systems security

• Provide Security oversight in engineering architecture reviews and RFC processes

• Plan coordinate and conduct investigations of alleged and suspected security events

• Ability to work independently to ensure goals set by leadership are reached and work effectively as a team player as a senior member of the team

• Triage remediate and escalate security alerts / events / reports

• Maintain all required business controls elements of the security program and participates in the audit process for assigned areas of responsibility

• Collaborate with security engineers DevOps and product teams to embed security best practices across the development lifecycle

Required Technical and Professional Expertise:

• At least 10 years of experience in cyber security focusing on vulnerabilities and threat management

• Bachelors degree in Computer Science Information Systems or a related field

• Development experience in any modern programming language (Python Go etc.

• Strong familiarity with software development lifecycle (SDLC) processes and source control technologies

• Offensive security expertise and penetration testing certifications such as (OSCP OSCP etc. are highly desirable

• Experience working in a DevSecOps environment

• Experience in zerotrust architectures and secure microservices development

• Experience deploying security tools in Docker and Kubernetes

• Experience integrating and automating security tooling/scanning

• Excellent problemsolving skills and the ability to lead complex securityfocused software projects

• Ability to create solutions that are scalable repeatable secure and maintainable

• Experience with risk assessment & analysis emergency preparedness and investigations/incident management

• Excellent communication and team relationship skills

• Experience working in a SOC and using SIEM tools (SumoLogic Splunk etc.

• Experience with SSO platforms such as Okta and SAML

• Experience working with SAST DAST and SCA tools (Snyk Semgrep Veracode etc.

• Experience deploying and managing edge security controls including WAF and bot management

• At least 35 years experience with AWS GCP CDN/edge security tools and services

• AWS and GCP certifications are a plus

• CISSP certification is a plus

• Certified Kubernetes Administrator certification is a plus

• Availability to travel if needed

All GoodRx employees are responsible for reviewing and complying with all Company safety and security policies and procedures being vigilant and observant of potential security threats (including phishing attempts) and proactively communicating with the Security Team to raise any concerns. Security is responsible for implementing security measures monitoring suspicious activity and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally Security monitors GoodRxs organizational systems for end users activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly the team works collaboratively with other departments to improve the organizations security posture.

Security is responsible for implementing security measures monitoring suspicious activity and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally Security monitors GoodRxs organizational systems for end users activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly the team works collaboratively with other departments to improve the organizations security posture.

At GoodRx pay ranges are determined based on work locations and may vary based on where the successful candidate is hired. The pay ranges below are shown as a guideline and the successful candidates starting pay will be determined based on jobrelated skills experience qualifications and other relevant business and organizational factors. These pay zones may be modified in the future. Please contact your recruiter for additional information.

San Francisco and Seattle Offices:

$226000.00 $361000.00

New York Office:

$207000.00 $331000.00

Santa Monica Office:

$188000.00 $301000.00

Other Office Locations:

$169000.00 $271000.00

GoodRx also offers additional compensation programs such as annual cash bonuses and annual equity grants for most positions as well as generous benefits. Our great benefits offerings include medical dental and vision insurance 401(k) with a company match an ESPP unlimited vacation 13 paid holidays and 72 hours of sick leave. GoodRx also offers additional benefits like mental wellness and financial wellness programs fertility benefits generous parental leave pet insurance supplemental life insurance for you and your dependents companypaid shortterm and longterm disability and more!

Were committed to growing and empowering a more inclusive community within our company and industry. Thats why we hire and cultivate diverse teams of the best and brightest from all backgrounds experiences and perspectives. We believe that true innovation happens when everyone has a seat at the table and the tools resources and opportunities to excel.

With that said research shows that women and other underrepresented groups apply only if they meet 100 of the criteria. GoodRx is committed to leveling the playing field and we encourage women people of color those in the LGBTQ communities individuals with disabilities and Veterans to apply for positions even if they dont necessarily check every box outlined in the job description. Please still get in touch wed love to connect and see if you could be good for the role!

GoodRx is committed to providing reasonable accommodations for candidates with disabilities during our recruiting process. If you need any assistance or accommodations due to a disability please reach out to us at.

GoodRx is Americas healthcare marketplace. The company offers the most comprehensive and accurate resource for affordable prescription medications in the U.S. gathering pricing information from thousands of pharmacies coast to coast as well as a telehealth marketplace for online doctor visits and lab tests. Since 2011 Americans with and without health insurance have saved $60 billion using GoodRx and million consumers visitgoodrxeach month to find discounts and information related to their healthcare. GoodRx is the #1 most downloaded medical app on the iOS and Android app stores. For more information visit.