Manager, Security Engineering

GoodRx is the leading prescription savings platform in the U.S.   Trusted by more than 25 million consumers and 750,000 healthcare professionals annually, GoodRx provides access to savings and affordability options for generic and brand-name medications at more than 70,000 pharmacies nationwide, as well as comprehensive healthcare research and information. Since 2011, GoodRx has helped consumers save nearly $75 billion on the cost of their prescriptions. Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers, employers, health plans, and anyone else who shares our desire to provide affordable prescriptions to all Americans. How We Work with AI: AI tooling is becoming an important part of how GoodRx engineers and security professionals operate. We expect leaders at this level to leverage AI responsibly to improve productivity, strengthen security operations, and scale team effectiveness. You understand both the opportunities and risks associated with AI-assisted development. You guide your team in the responsible use of AI tools for engineering, analysis, automation, and investigation while ensuring appropriate security, privacy, and compliance controls are maintained. You actively identify opportunities to leverage AI-driven workflows, security automation, and operational efficiencies while helping establish best practices for safe and effective adoption. Responsibilities: Leads, hires, develops, and manages security engineers through coaching, performance management, and career development  Develops and executes the team's security engineering roadmap, balancing risk reduction, operational effectiveness, and business objectives  Develops and maintains security engineering services and controls that align with business objectives and industry best practices  Recommends improvements to security policies, standards, and procedures that strengthen the organization's security posture, including encompassing and considering emerging risks such as AI adoption and use  Works closely with leadership, teams, and cross-functional business groups to establish alignment on the security roadmap, plan and vision  Uses business knowledge and contextual awareness to guide team technical decisions related to cloud security, application security, identity management, and emerging technologies  Leads risk assessments, threat modeling, incident response, and security investigations related to production systems, cloud infrastructure, and new product initiatives  Establishes and develops security vendor relationships to ensure effective and efficient supplier performance results Partners with Security, Compliance, Engineering, and IT stakeholders to support security awareness initiatives and promote secure engineering practices  Partners with Compliance and Audit teams to support security controls, audit readiness, evidence collection, and remediation activities Drives adoption of DevSecOps practices, security automation, vulnerability management, secure code review processes, and secure-by-default engineering patterns  Establishes operational metrics and reporting to measure the effectiveness of security controls, detection capabilities, and team performance Required Technical and Professional Expertise: 8+ years of experience in cybersecurity, cloud security, application security, infrastructure security, or related domains  Bachelor's degree in Computer Science, Information Systems, or a related field or equivalent practical experience Experience with one or more modern programming or scripting languages (Python, Go, Java, Rust, Bash, or similar)  Strong familiarity with software development lifecycle (SDLC) processes and source control technologies Strong understanding of DevSecOps, application security principles, secure software development practices, and modern software delivery environments  Ability to create solutions that are scalable, repeatable, secure and maintainable Experience with risk assessment & analysis, emergency preparedness, and investigations/incident management Excellent communication and team relationship skills Experience with SIEM, security monitoring, threat detection, incident response, and observability platforms in cloud environments  Experience securing cloud-native environments, containerized workloads, Kubernetes platforms, modern CI/CD pipelines, and associated controls including vulnerability management, secrets management, and workload protection  Experience with identity and access management technologies such as Okta, SAML, OAuth, Descope, and OIDC, including authentication, authorization, and privileged access concepts  Experience securing cloud platforms such as AWS and/or GCP, including IAM, network security, logging, monitoring, and cloud-native security services (AWS and GCP certifications are a plus) Experience with managing security programs and frameworks Experience implementing or operating security controls aligned with frameworks such as NIST CSF, SOC 2, HITRUST, ISO 27001, or CIS Controls  CISSP and/or CISM certification is a plus Security is responsible for implementing security measures, monitoring suspicious activity, and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally, Security monitors GoodRx’s organizational systems for end users’ activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly, the team works collaboratively with other departments to improve the organization’s security posture. At GoodRx, pay ranges are determined based on work locations and may vary based on where the successful candidate is hired. The pay ranges below are shown as a guideline, and the successful candidate’s starting pay will be determined based on job-related skills, experience, qualificat