Original listing text, shown exactly as published by the company.
About the role
The Security team at Headway is focused on security and privacy for all of Headway’s customers - therapists, patients, and payers (ex: insurance companies and health systems). As an early member on the team, you’ll have the unique opportunity to be the builder and driver of our dedicated, in-house product and application security engineering efforts. In this role, you will partner closely with our product and engineering teams to ensure that our application is designed and developed securely so that we can maintain and grow customers’ trust in Headway.
What you’ll do at Headway
- Partner with Product and Engineering: Headway has many new product launches on the horizon that will transform the industry and have a rich data component. You will be a partner at both the design and development stage to ensure that we implement new features securely, including (but not limited to):
- Participating in the implementation efforts
- Doing security reviews
- Helping with product design decisions
- Auditing and surfacing vulnerabilities in our current products
- Build Agentic Security Tooling: Move beyond rules-based automation to agentic workflows that address potential code problems at scale across our rapidly growing codebase. You'll help define what AI-native product security looks like at Headway.
- Make the safe way, the easy way: Work on defining and building application guardrails so that developers can build securely by default. You also will work to instill a culture of secure development across engineering.
- Assist in ongoing security operations: You will be part of the security and privacy team and have responsibilities to assist in incident response, vulnerability management, penetration testing, security reviews, and other operational tasks to ensure that our security program is operating at a world-class level.
Tools we use
- Cloud Security: Lacework
- Languages: Python 3, TypeScript
- Libraries: FastAPI, SQLAlchemy, React
- Datastores: Postgres, Redis
- Infrastructure: AWS (Fargate, ECS, S3, and more), Spark and Kafka
- Monitoring: Datadog, PagerDuty
- Version Control: Github
- Vulnerability Management: Snyk, Semgrep
You’ll be great for this role if you have
- Have 0 → 1 security experience: You have 5+ years experience in security and/or software engineering roles with a demonstrated history of working on security-related projects or with responsibilities as a security generalist.
- Strong cross-functional experience: You love partnering with other teams to help both teams achieve their goals.
- Strong technical depth and breadth: You have technical experience with building secure platforms and products at a deep level. You are excited to perform security design and code reviews. You want to understand security systems and improve their efficiency and scalability.
- Excited by AI’s potential: You believe AI will fundamentally reshape how product security works, and you want to be at the forefront of making that happen.
- Thrive in ambiguity: You love tackling ambiguous problems in a fast-paced environment with an optimistic and energizing attitude.
- Innovation at Scale: You seek opportunities to lead the industry in implementing the latest security and privacy technologies.
- Results driven: You care deeply about creating impact and driving results for Headway’s business.
- Mission driven: You are motivated by Headway’s mission, increasing access to high quality mental health care.
Our interview processAfter you apply to Headway, here are some details of what to expect during the interview process.
- Initial screen: You’ll connect with someone in recruiting so you can learn more about the team, Headway’s mission and exciting growth, and we can get a better idea of your background.
- First round: You'll meet with a member of our Security Engineering team for introductions and an architecture interview. Conducted similarly to a System Design interview, we’ll learn more about your knowledge of the role of security in engineering systems and web architecture.
- Final rounds: You’ll meet several more team members for technical and non-technical interviews and leave with a fuller picture of what it’s like to work at Headway.
- References and the Offer: Our favorite part of the process! We'll send over all of the details, including specifics on employee equity, and congratulatory messages from excited future team members!
Compensation & Benefits:The expected base pay range for this position is $218,500 - $273,125, based on a variety of factors including qualifications, experience, and geographic location. In addition to base salary, this role may be eligible for an equity grant, depending on the position and level.
We are committed to offering a comprehensive and competitive total rewards package, including robust health and wellness benefits, retirement savings, and meaningful ownership opportunities through equity. Compensation decisions are made holistically, ensuring fairness and alignment with market benchmarks while recognizing individual contributions and potential.
- Benefits offered include:
- Equity compensation
- Medical, Dental, and Vision coverage
- HSA / FSA
- 401K
- Work-from-Home Stipend
- Therapy Reimbursement
- 16-week parental leave for eligible employees
- Carrot Fertility annual reimbursement and membership
- 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
- Flexible PTO
- Employee Assistance Program (EAP)
- Training and professional development
#LI-SC1
We believe a team's strength is in its people, and we cannot achieve this mission without a team that reflects the diversity of this problem – across race, ethnicity, gender, sexuality, age, national origin, religion, family status, disability, military status, and experience. Headway is committed to the full inclusion of all qualified individuals. As part of this commitment, Headway will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or receive other benefits and privileges of employment, please inform the recruiter when they contact you to schedule your interview.
Headway participates in E-Verify. To learn more, click here.
A notice to Headway applicants: To protect yourself against phishing and recruitment fraud, please note that Headway only accepts applications through our official careers page at https://headway.co/careers. Headway will never refer you to external websites, ask for payment or personal information, or conduct interviews via messaging apps. All official communication will come from a @findheadway.com email address. If you are contacted by someone claiming to be from Headway via an unofficial channel, please do not share any information and report it as spam.
