BetterHelpRemote
Head of Security Engineering
United States of America
Full Time
3 days ago
$250,000 - $300,000 USD
Visa Sponsor
Key skills
AIMLSDLCLeadershipCommunicationPenetration Testing
About this role
BetterHelp is on a mission to make mental health care more accessible to everyone, and they are seeking a highly technical Head of Security Engineering to lead their security strategy. This role focuses on offensive security, identifying vulnerabilities, and strengthening defenses across the organization while providing oversight in Security Operations and Application Security.
Responsibilities:
- Lead BetterHelp’s security engineering strategy, with offensive security as the foundation
- Operate with a red team / attacker mindset, identifying vulnerabilities across applications, infrastructure, and internal systems
- Direct and evolve the company’s red team capabilities, including penetration testing, code review, and vulnerability discovery
- Provide oversight and guidance across:
- Partner closely with Engineering to embed security into the software development lifecycle (SDLC)
- Strengthen processes around vulnerability management, detection, and response
- Build and improve offensive security tooling and capabilities, complementing external programs like Bugcrowd
- Help reduce technical debt and improve system resilience through proactive security practices
- Identify and address emerging threats, including AI security risks
- Mentor and guide a strong team, setting a high bar for technical rigor and impact
Requirements:
- 5+ years of security leadership experience
- 10+ years of experience in security engineering
- Strong background in offensive security (red team, penetration testing, or bug bounty)
- Deep understanding of how modern systems are attacked, and how to defend against them
- Experience working across or leading Red team, Blue team / SecOps, or Application Security
- Experience setting strategy, managing roadmaps, and delivering measurable security outcomes across multiple teams
- Ability to operate both strategically and hands-on
- Experience working in fast-paced environments with frequent releases
- Strong communication skills with both technical and non-technical stakeholders
- Experience with AI/ML security or emerging attack vectors
- Experience working with PHI/PII
- Experience operating in environments with high regulatory, privacy, or customer trust requirements
- Experience building and operating security programs for large-scale cloud, distributed systems, or consumer platforms
- Experience partnering with GRC teams