GoodRx, the leading prescription savings platform in the U.S., is seeking a Manager of Security Engineering to lead and develop a team of security engineers. This role involves executing security engineering roadmaps, improving security policies, and leveraging AI to enhance productivity and security operations.
Responsibilities:
- Leads, hires, develops, and manages security engineers through coaching, performance management, and career development
- Develops and executes the team's security engineering roadmap, balancing risk reduction, operational effectiveness, and business objectives
- Develops and maintains security engineering services and controls that align with business objectives and industry best practices
- Recommends improvements to security policies, standards, and procedures that strengthen the organization's security posture, taking into account emerging risks such as AI adoption and use
- Works closely with leadership, teams, and cross-functional business groups to establish alignment on the security roadmap, plan and vision
- Uses business knowledge and contextual awareness to guide team technical decisions related to cloud security, application security, identity management, and emerging technologies
- Leads risk assessments, threat modeling, incident response, and security investigations related to production systems, cloud infrastructure, and new product initiatives
- Establishes and develops security vendor relationships to ensure effective and efficient supplier performance results
- Partners with Security, Compliance, Engineering, and IT stakeholders to support security awareness initiatives and promote secure engineering practices
- Partners with Compliance and Audit teams to support security controls, audit readiness, evidence collection, and remediation activities
- Drives adoption of DevSecOps practices, security automation, vulnerability management, secure code review processes, and secure-by-default engineering patterns
- Establishes operational metrics and reporting to measure the effectiveness of security controls, detection capabilities, and team performance
Requirements:
- 8+ years of experience in cybersecurity, cloud security, application security, infrastructure security, or related domains
- Bachelor's degree in Computer Science, Information Systems, or a related field or equivalent practical experience
- Experience with one or more modern programming or scripting languages (Python, Go, Java, Rust, Bash, or similar)
- Strong familiarity with software development lifecycle (SDLC) processes and source control technologies
- Strong understanding of DevSecOps, application security principles, secure software development practices, and modern software delivery environments
- Ability to create solutions that are scalable, repeatable, secure and maintainable
- Experience with risk assessment & analysis, emergency preparedness, and investigations/incident management
- Excellent communication and team relationship skills
- Experience with SIEM, security monitoring, threat detection, incident response, and observability platforms in cloud environments
- Experience securing cloud-native environments, containerized workloads, Kubernetes platforms, modern CI/CD pipelines, and associated controls including vulnerability management, secrets management, and workload protection
- Experience with identity and access management technologies such as Okta, SAML, OAuth, Descope, and OIDC, including authentication, authorization, and privileged access concepts
- Experience securing cloud platforms such as AWS and/or GCP, including IAM, network security, logging, monitoring, and cloud-native security services
- Experience with managing security programs and frameworks
- Experience implementing or operating security controls aligned with frameworks such as NIST CSF, SOC 2, HITRUST, ISO 27001, or CIS Controls
- AWS and GCP certifications are a plus
- CISSP and/or CISM certification is a plus