Staff Application Security Engineer

Hims & Hers is a health and wellness platform on a mission to help the world feel great through better health. As a Staff Application Security Engineer, you will be a thought leader in the Security Team focused on helping design, implement, and mature innovative and cutting-edge security capabilities.

Requirements

• 12+ years in software engineering, including at least 5 years focused on Application Security at a senior or staff level
• Deep familiarity with modern web and mobile stacks (Node.js, React/React Native, Kotlin, npm) and Git-centric workflows
• Hands-on experience with SCA, SAST, DAST, and secret-scanning solutions
• Proven ability to automate security checks within Jenkins, CircleCI, and GitHub Actions pipelines
• Strong coding/scripting skills (JavaScript/TypeScript, Python, or Go) and experience building custom security automation
• Thorough understanding of the vulnerability lifecycle: triage, remediation, reporting, and trend analysis
• Experience securing workloads in AWS and building cloud-native guardrails
• Demonstrated background securing private AI/ML model deployments
• Expertise in API security, specifically GraphQL, and implementing protections like schema validation and rate limiting
• Hands-on experience architecting CIAM/IAM solutions and integrating bot-detection tools
• Experience in healthcare or other highly regulated environments
• Excellent leadership, collaboration, and communication skills for high-visibility, cross-functional initiatives

Benefits

• Competitive salary & equity compensation for full-time roles
• Unlimited PTO, company holidays, and quarterly mental health days
• Comprehensive health benefits including medical, dental & vision, and parental leave
• Employee Stock Purchase Program (ESPP)
• 401k benefits with employer matching contribution
• Offsite team retreats