Application Security Architect
At GoodRx, we believe that all Americans should have access to convenient and affordable healthcare. As a nation, we spend about $3.5 trillion annually on our healthcare, but too many Americans don't get the care they need, and prices just keep rising. We started with prescriptions, and we've helped over 100 million Americans save over $15 billion to date. Now, we're aiming to tackle all of healthcare. GoodRx is a profitable business funded by top-tier investors; we're based in Santa Monica with additional offices around the country. We're a low-key and tight-knit group that likes to find new ways to fix problems. If you share our belief that you can do well by doing good, let's talk.
About the Role
GoodRx is looking for a hands-on Application Security Architect to keep information safe and eliminate risks across our products and internal systems. This individual will collaborate with GoodRx’s Information Security and developer teams to ensure that applications exceed secure development best practices.
Responsibilities:
- Lead the definition of a secure SDLC and product security maturity model to adopt a shift-left approach to security
- Develop in-depth security architecture, design and coding standards across infrastructure, application and data security that drive a standardized set of security requirements, align with internal policies, and meet external compliance/regulatory requirements
- Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code
- Provide product-security coaching and mentoring to elevate the security expertise of development teams
- Oversee the GoodRx bug bounty program and work with independent security researchers as needed
- Develop automation for security reviews that can be integrated into our existing CI/CD pipelines
- Conduct research on emerging products, services, and standards in support of security enhancement and development efforts
- Monitor and proactively report on current threats and vulnerabilities to application security
Skills & Qualifications:
- Degree in Computer Science or equivalent experience
- Minimum 10 years' experience in the field of application security
- Experience writing software in one or more of the following languages: Python, Golang, JavaScript
- Experience with at least one popular Python Web Framework: Pyramid, Flask, Django
- Experience designing and implementing RESTful APIs
- Expert knowledge of web application design, development and testing techniques
- Strong problem-solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
- Experience with cloud environments such as AWS or GCP
- Participation in the bug hunting / bug bounty communities is a plus
- Experience with HIPAA / SOC-2 / PCI or CCPA is a plus
- CISSP, CISA, CEH, OSCP, or other industry-recognized security certification(s) preferred
About GoodRx
GoodRx is the country's leading marketplace for affordable and convenient healthcare. The company offers the most comprehensive and accurate resource for prescription medications in the U.S., gathering pricing information from thousands of pharmacies coast to coast. More than 12 million consumers use GoodRx each month to find current prices and discounts for their medications. Since 2011, Americans with and without health insurance have saved more than $15 billion using GoodRx – more than $5 billion in 2019 alone. With GoodRx Care, Americans can get an online medical visit with a skilled physician for fast and easy treatment, prescriptions, and lab tests for routine medical issues. GoodRx is the #1 medical app on the iOS and Android app stores and tens of thousands of doctors recommend GoodRx to their patients. For more information, visit www.goodrx.com.