BetterHelpRemote
Head of Security Engineering
United States of America
Full Time
5 hours ago
$250,000 - $300,000 USD
Visa Sponsor
Key skills
Security EngineeringOffensive SecurityRed TeamPenetration TestingBug BountyVulnerability ManagementSecurity OperationsApplication SecuritySoftware Development Lifecycle (SDLC)AI Security RisksSecurity StrategyCloud SecurityRegulatory ComplianceAIMLSDLCLeadershipCommunication
About this role
BetterHelp is on a mission to remove the traditional barriers to therapy and make mental health care more accessible to everyone. As the Head of Security Engineering, you will lead the security strategy with a strong emphasis on offensive security and play a crucial role in strengthening the company's defenses against vulnerabilities.
Responsibilities:
- Lead BetterHelp’s security engineering strategy, with offensive security as the foundation
- Operate with a red team / attacker mindset, identifying vulnerabilities across applications, infrastructure, and internal systems
- Direct and evolve the company’s red team capabilities, including penetration testing, code review, and vulnerability discovery
- Provide oversight and guidance across:
- Partner closely with Engineering to embed security into the software development lifecycle (SDLC)
- Strengthen processes around vulnerability management, detection, and response
- Build and improve offensive security tooling and capabilities, complementing external programs like Bugcrowd
- Help reduce technical debt and improve system resilience through proactive security practices
- Identify and address emerging threats, including AI security risks
- Mentor and guide a strong team, setting a high bar for technical rigor and impact
Requirements:
- 5+ years of security leadership experience
- 10+ years of experience in security engineering
- Strong background in offensive security (red team, penetration testing, or bug bounty)
- Deep understanding of how modern systems are attacked, and how to defend against them
- Experience working across or leading Red team, Blue team / SecOps, or Application Security
- Experience setting strategy, managing roadmaps, and delivering measurable security outcomes across multiple teams
- Ability to operate both strategically and hands-on
- Experience working in fast-paced environments with frequent releases
- Strong communication skills with both technical and non-technical stakeholders
- Experience with AI/ML security or emerging attack vectors
- Experience working with PHI/PII
- Experience operating in environments with high regulatory, privacy, or customer trust requirements
- Experience building and operating security programs for large-scale cloud, distributed systems, or consumer platforms
- Experience partnering with GRC teams