Staff Security Engineer

Pomelo Care is seeking an experienced cybersecurity engineer to mature our security practices and contribute to our mission to ensure that our patients, clinicians and partners trust us implicitly. This is an exciting opportunity for someone who shares our commitment to information security to be part of a fast-paced environment that will push you to learn while doing.

As a Staff Security Engineer at Pomelo Care, you'll be a key player in shaping our security posture, safeguarding sensitive healthcare data and enabling our engineering teams to build secure and compliant products. This role requires a versatile generalist with deep technical expertise, excellent software engineering fundamentals and the agility to thrive in a startup environment. Key responsibilities will include leading and executing critical cybersecurity initiatives, spanning areas like IAM/RBAC, Application Security, Cloud Security, Endpoint Security, CI/CD and supply chain security, SAST/DAST tooling, penetration testing, bug bounty management, Incident Response, DFIR and SaaS security. Owning and continuously improve secure software development lifecycle (SDLC) processes and tools. Serving as a subject matter expert and mentor, guiding and educating teams on cybersecurity principles, secure coding and threat modeling. Participating directly in incident response activities, investigations and post-incident analysis.