Senior Security Engineer
Flo is the world’s #1 health app on a mission to build a better future for female health. Backed by a $200M investment and the first of its kind to reach a $1B valuation in 2024, Flo has 400M+ downloads and 75M+ monthly users. It boasts 6 million paid subscribers and the highest-rated experience in the App Store’s health category, focusing on building next-generation digital health technology that is AI-powered, privacy-first, and clinically backed.
The job
Your role as the Security Engineer will be pivotal in supporting Flo Health’s overall security posture. You will work with a small but powerful Security team to protect applications and infrastructure by managing vulnerabilities, responding to incidents, and implementing security measures at scale. You will develop custom tooling and embed security best practices into the product lifecycle to stay ahead of emerging threats.
What you will do:
- Develop regular touchpoints with key stakeholders.
- Manage Vulnerabilities: triage newly discovered vulnerabilities, investigate potential risks, verify fixes, and drive remediation efforts across teams.
- Implement Security Measures: support teams by configuring WAF rules, setting rate limits, and deploying additional controls.
- Develop Custom Security Tooling: contribute to creating and maintaining in-house tools that enhance security capabilities and automation.
- Product Security Support: assist in security assessments, threat modeling, and penetration testing with the Product Security team.
- Secure Development Lifecycle: implement and improve security gates within the SDLC.
- Adapt and Collaborate: handle emerging security challenges flexibly as part of a small team with big responsibilities.
- Investigate and triage security alerts, manage security incidents.
- Gather, curate, and communicate threat intelligence.
- Support and advise business stakeholders on cybersecurity issues.
- Generate reports for technical and non-technical staff and stakeholders.
What you bring:
- Minimum 7 years of experience in information security.
- Hands-on experience with AWS or similar cloud platforms and Cloudflare.
- Proficiency with Infrastructure as Code tools such as Terraform.
- Solid understanding of common vulnerability classes and OWASP Top 10.
- Proficient in reading code (Python, Scala) and using Git for version control.
- Experience with industry-standard SIEM and vulnerability scanning tools.
Nice to have:
- Relevant industry certifications (CISSP, OSCP, etc.).
- Experience supporting audits like ISO27001.
- Experience with security risk management frameworks such as ISO31000.
- Knowledge of security control frameworks such as CIS, NIST800-53, and ISO27001.
- Familiarity with iOS or Android security.
How we work
Flo is a mission-led, product-driven team that moves fast, stays focused, and takes ownership from start to finish. The team values craft, purposeful shipping, and continuous improvement. Working at Flo requires commitment, resilience, and drive to achieve better health outcomes.
What you'll get
- Competitive salary and annual reviews.
- Opportunity to participate in Flo’s performance incentive scheme.
- Paid holiday, sick leave, and female health leave.
- Enhanced parental leave and pay for maternity, paternity, same-sex, and adoptive parents.
- Professional growth opportunities through impactful work and learning support.
- Flexible office and home working options, including up to 2 months per year working abroad.
- 5-week fully paid sabbatical at 5-year work anniversary.
- Flo Premium for friends and family, plus additional health, pension, and wellbeing perks.
Diversity, equity and inclusion
Flo is an equal opportunity employer that values diversity, equity, and inclusion. Hiring is based on merit, skills, and the value brought to the role regardless of background or identity. Applicants from all backgrounds are welcomed. The company's privacy notice for job applicants is available online.
Apply for this job
To apply for this Senior Security Engineer position at Flo Health in Vilnius, please complete the application form on the job post page. You will need to provide your first name, last name, email, phone number, city location, resume/CV, and cover letter. The form also includes questions about your willingness to work in the office twice a week, privacy notice confirmation, contact permission, knowledge of OWASP Top 10, and experience with Terraform, among others. After filling out the required fields and submitting your application, you will be considered for the role.