View All Jobs 155435

Security Engineer II (enterprise) - Remote Eligible

Design and implement security controls for cloud-based applications and microservices
Remote
Senior
16 hours agoBe an early applicant
GoodRx

GoodRx

A platform offering prescription drug price comparisons, discounts, and coupons to help consumers save money on medications.
1 Similar Job at GoodRx

Security Engineer II

GoodRx is the leading prescription savings platform in the U.S. Trusted by more than 25 million consumers and 750,000 healthcare professionals annually, GoodRx provides access to savings and affordability options for generic and brand-name medications at more than 70,000 pharmacies nationwide, as well as comprehensive healthcare research and information. Since 2011, GoodRx has helped consumers save nearly $75 billion on the cost of their prescriptions. Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers, employers, health plans, and anyone else who shares our desire to provide affordable prescriptions to all Americans.

About the Role

GoodRx is looking for a Security Engineer II to join our Security Team (Production Engineering). This team focuses on securing all organizational applications and services. This role works closely with engineering teams to embed security within the SLDC and ensures our services are crafted with the highest security standards and quality. You will help design, build and review security controls across our applications and pipelines, improve detection and remediation of vulnerabilities, and partner with teams across the company to reduce risk and protect our users.

As part of the Security team (Production Engineering), you will help drive security visibility, automation, and process maturity by leveraging industry best tooling. You'll contribute to threat modeling, architecture reviews, and penetration testing, while partnering with engineers to remediate vulnerabilities and deliver secure, reliable applications.

This role is ideal for someone with strong technical skills, a developer's mindset, and a passion for securing modern applications and cloud services.

Responsibilities:

  • Embed security controls into application architecture and code reviews.
  • Own vulnerability management for applications and microservices.
  • Provide guidance on secure authentication, authorization, secrets management, and data security.
  • Perform risk analysis across the production environment to identify internal and external threats.
  • Provide security systems technology support as it applies to the implementation, installation and maintenance of security tooling, processes, procedures, and runbooks.
  • Evaluate, enhance, and improve the implementation of application security automation within CI/CD pipelines to detect and remediate security issues early.
  • Monitor, analyze, and triage alerts and logs from various security platforms.
  • Stay current on emerging threats, vulnerabilities, and threat actor behaviors, and apply this knowledge to improve detection and response.
  • Investigate potential threats and participate in incident response activities, including root cause analysis and remediation.
  • Evaluate, enhance and support internal threat modeling and penetration testing programs.
  • Provide security oversight in engineering architecture reviews and development processes.
  • Collaborate with Engineering, IT, Infrastructure, and Compliance teams to implement security controls aligned with frameworks like NIST, HiTrust, and CIS.
  • Research and support onboarding of new tools and systems into our security stack.
  • Maintain production security procedures and metrics.
  • Develop, research and facilitate regular security training.
  • Ability to work independently to ensure goals set by leadership are reached, and a team player.
  • Triage, remediate, and escalate security alerts/events/reports.
  • Support all required controls and participate in the audit process for assigned areas of responsibility.
  • Vulnerability scanning, monitoring, and remediation tracking for applications, services, containers, and cloud infrastructure.
  • Drive continuous improvement by identifying automation opportunities, integrating emerging best practices, and enhancing detection and response capabilities.

Required Technical and Professional Expertise:

  • Minimum 2 years experience in application security, or similar security roles.
  • Expertise in cloud environments.
  • Development experience in any modern programming language (Python, Go, etc.)
  • Familiarity with software development lifecycle (SDLC) processes and source control technologies.
  • Experience with supply chain security (dependency management, SBOMs).
  • Exposure to container and CI/CD security (Kubernetes, GitHub Actions, etc.).
  • Exposure to offensive security expertise and penetration testing certifications, such as (OSWE, OSCP+, etc.) are highly desirable.
  • Comfortable writing detection queries and scripts.
  • Familiarity with regulatory frameworks such as SOC 2, CIS, or HiTrust.
  • Knowledge of common attack vectors and MITRE ATT&CK framework.
  • Problem-solving skills and the ability to thrive in a fast-paced, collaborative environment.
  • Experience with SSO platforms, such as Okta and SAML are a plus.
  • Experience with AWS, GCP, CDN/edge security tools and services are a plus.
  • Availability to travel if needed.
  • Experience with automation frameworks or scripting in Python, PowerShell, or Bash.
  • Security certifications such as Security +, GCIA, GCIH, CEH, or Palo Alto PCNSE.
+ Show Original Job Post
Suggest a correction
























Security Engineer II (enterprise) - Remote Eligible
Remote
Engineering
Apply to job
About GoodRx
A platform offering prescription drug price comparisons, discounts, and coupons to help consumers save money on medications.