Senior Product Security Engineer | Pomelo Care · Teeming.ai
Pomelo Care
Pomelo Care is the national leader in evidence-based maternity care. Pomelo provides care and high-touch support for women during preconception, pregnancy, birth, postpartum, and for both mother and…
What they do: Virtual, evidence-based maternity and newborn care combining 24/7 clinical virtual care with in-person doula services
Market / customers: Works with employers and commercial and Medicaid health plans
Funding / valuation: Raised multiple rounds including a $46M Series B and a $92M Series C; communicated a $1.7B valuation
Founding / HQ: Founded by Marta Bralic Kerns; HQ in New York City
Company Overview
Problem Domain
Maternal, newborn, and women's health; reducing preterm births, NICU admissions, and avoidable costs through coordinated virtual and in-person care.
Founded
2021
Industry
Hospitals and Health Care
Funding Track Record
Series B - 2024-06-20
$46,000,000
Company announced Series B and published outcomes data; reported coverage of over 3 million lives at the time of announcement.
Series C
$92,000,000
Company announced a $92M Series C and communicated a $1.7 billion valuation.
Investor Signal
“Includes participation from Andreessen Horowitz (a16z) Bio + Health and First Round Capital”
Join the Team
Senior Product Security Engineer
Remote • United States, US
Who you are
You’re an enthusiastic and collaborative engineer who enjoys solving meaningful problems through code. You view security as a product challenge, and you believe the best way to secure a system is to make the "secure way" the "easy way." In particular, you:
Are a builder first: Have 5+ years of software engineering experience with a strong foundation in computer science and a track record of shipping production-grade code (Python, Go, Kotlin or similar)
Have a security mindset: You understand the OWASP Top 10, identity flows and prompt injections, but you’d rather build a system that eliminates a class of vulnerability than manually triage individual alerts. You believe security expertise should be embedded into the development process, not bolted on at the end
Are an automation enthusiast: you enjoy tackling complex problems with practical automation and are keeping up with trends in LLM agents to multiply your engineering impact
Navigate ambiguity: as a floating resource across various engineering teams, you are comfortable context-switching and can quickly build rapport with different engineering teams to understand their needs
Have experience with Google Cloud Platform (GCP), GitHub Advanced Security (GHAS), Stytch, Sentry, Fullstory, Statsig or a similar technology stack
Have prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements
Have experience building data infrastructure that supports AI/ML workloads, internal developer platforms, and privacy-preserving data de-identification and anonymization techniques
Have previously worked in a fast-paced, product-oriented startup environment
Benefits
Generous equity compensation
Unlimited vacation
Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)
What the job involves
As our first Product Security Engineer, you will sit at the intersection of Security and Software Engineering
Reporting directly to the CISO, you will be a "Security Builder": embedded within our engineering teams with the autonomy needed to build the automation, tools, and workflows that make security a seamless part of the software development lifecycle
You aren't just finding bugs; you are building the systems that prevent and fix them at scale
Your work will be centered on three core strategic pillars:
Secure architecture and auth: you will design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency
Privacy engineering: you will lead the privacy engineering initiatives including DSAR integration, building automated data deletion capabilities directly into the Pomelo mobile app and our internal platform to ensure seamless compliance. You will also help improve privacy-preserving data de-identification and anonymization as needed
Full-cycle remediation: you will own the end-to-end pentest-to-fix lifecycle. This means you don't just triage reports; you write the code to fix penetration test findings, remediate SAST issues, and build greenkeeping systems for high-volume dependency patching with regression testing
Beyond these pillars, you will serve as a high-leverage engineering partner to the broader InfoSec team by:
Building secure-by-default libraries: reducing the load on core Software Engineering by creating internal libraries and patterns that make security the default path
Threat modeling: partnering with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process
Scaling through collaboration: as a security resource embedded in our engineering teams, you will help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists