About Flo Health
Flo is the world’s #1 health app on a mission to build a better future for female health. Backed by a $200M investment led by General Atlantic, it became the first product of its kind to reach a $1B valuation in 2024. It has 400M+ downloads, 75M+ monthly users, and 6M paid subscribers with the highest-rated experience in the App Store's health category.
The Job
As a Senior Security Engineer, you will support Flo Health's overall security posture. Working with the Security team, you will protect applications and infrastructure by managing vulnerabilities, responding to incidents, and implementing security measures at scale. You will also develop custom tooling and embed security best practices into the product lifecycle to keep ahead of emerging threats.
Responsibilities
- Develop regular touchpoints with key stakeholders.
- Manage vulnerabilities by triaging newly discovered ones, investigating risks, verifying fixes, and driving remediation across teams.
- Implement security measures such as configuring WAF rules, setting rate limits, and deploying controls to protect the environment.
- Develop custom security tooling to enhance security capabilities and automation.
- Support product security through assessments, threat modeling, and penetration testing in close collaboration with the Product Security team.
- Help implement and improve security gates within the Secure Development Lifecycle (SDLC).
- Adapt to and collaborate on emerging security challenges with flexibility.
- Investigate and triage security alerts and manage security incidents.
- Gather, curate, and communicate threat intelligence.
- Support and advise business stakeholders on cybersecurity issues.
- Generate reports for both technical and non-technical audiences.
Qualifications
- At least 7 years of experience in information security.
- Hands-on experience with AWS or similar cloud platforms and Cloudflare.
- Proficiency with Infrastructure as Code tools like Terraform.
- Solid understanding of common vulnerability classes and the OWASP Top 10.
- Proficient in reading code (e.g., Python, Scala) and using Git for version control.
- Experience with SIEM and vulnerability scanning tools.
Nice to Have
- Relevant industry certifications (CISSP, OSCP, etc.).
- Experience supporting audits such as ISO27001.
- Experience with security risk management frameworks like ISO31000.
- Knowledge of security control frameworks such as CIS, NIST800-53, and ISO27001.
- Familiarity with iOS or Android security.
Work Culture and Benefits
Flo is a mission-led, product-driven organization that values fast-paced work and ownership. The culture encourages debate, shared decision-making, and quality craftsmanship. Employees receive competitive salaries with annual reviews, participation in a performance incentive scheme, paid leave, enhanced parental leave, accelerated professional growth opportunities, flexible home and office working, sabbaticals, and health and wellbeing perks.
Diversity and Inclusion
Flo Health is an equal opportunity employer that values diversity, equity, and inclusion. Hiring is based on merit and skill, welcoming applicants from all backgrounds, communities, and identities.