Lead Security Engineer, Applications

Who are we and why should you join us?

BetterHelp is on a mission to remove the traditional barriers to therapy and make mental health care more accessible to everyone. Founded in 2013, we are now the world’s largest online therapy service – providing affordable and convenient therapy in 210 countries and over 60 languages across the globe. Our network of over 30,000 licensed therapists has helped millions of people take ownership of their mental health and change their lives forever. And we’re not stopping there – as the unmet need for mental health services continues to grow, BetterHelp is committed to being part of the solution.

As an AppSec Engineer at BetterHelp, you’ll join a diverse team of licensed clinicians, engineers, product pros, creatives, marketers, and business leaders who share a passion for expanding access to therapy. And as a mental health company, we take employee mental health just as seriously as we do our mission. We seriously invest in our team’s well-being and professional development, because we know that business and individual growth go hand-in-hand. 

At BetterHelp, you’ll carve your own path, make an immediate impact, and be challenged every day – with a supportive community behind you the whole way. 

What are we looking for? 

We are looking for a motivated Application Security Engineer who is looking to help build the maturity of our Application Security Team. Our team prioritizes the full lifecycle of security triage: identifying vulnerabilities, reproducing exploits, meticulous code analysis, implementing security automation, and crafting production-ready fixes. We are looking for an engineer with good communication, strong technical abilities, and a get-things-done attitude with eagerness to build something awesome! 

What will you do? 

• Lead the application security team and bring new ideas to mature the program.
• Work with a nimble and passionate security team, collaborating with development and product. 
• Conduct vulnerability triage: handle internal and external vulnerability reports, go beyond investigating and write fixes yourself. 
• Review code and help make decisions about secure coding decisions.
• Work with other developers and teams for long term security success. 
• Use Burp Suite on a daily basis for triaging and penetration testing. 
• Code solutions for preventative measures and generating alerts. 
• Use your detective work to get to the AH-HA! moment when you find and replicate the root cause of an issue and figure out how to fix it. 
• You will care and be involved in our product, mission, and success - way beyond checking off tasks.

What will you NOT do?

• You will NOT worry about funding. We have startup DNA, but we're fully backed and funded by our parent company, Teladoc Health.
• You will NOT be confined to your "job". We believe in nurturing employees’ interests and passions – even if some of them lie outside of your core responsibilities.
• You will NOT be bogged down by office politics, egos, or bad attitudes. Only positive, pleasure-to-work-with people are allowed here!
• You will NOT get burned out. We work hard, but we also believe in maintaining sustainable work/life balance. Seriously.
• You will NOT have to wonder why you’re doing the work you’re doing. Our day-to-day operations translate into people getting the help they need.

Can I work remotely?

Yes. We operate in Pacific Time and candidates in any time zone are welcome to apply. We also ask our employees to travel to our Mountain View, CA office up to three times per year and to one company offsite to collaborate in person in order to build better working relationships and experience our in-office culture. Travel expenses will be covered and reasonable accommodations will be made for those under unique circumstances who cannot travel.

Requirements

• Experience with security code reviews, security architecture, and SAST
• Experience coding full stack projects with PHP
• Experience using Burp Suite at a proficient level 
• Able to explain complex ideas either verbally or in writing to a mixture of audiences
• Ability to work in the US, to travel to our Mountain View, California offices up to three times per year and to an additional company offsite.

Bonus (Not required, but nice to have): 

• Experience with the LAMP/LEMP stack 
• Knowledge of ReactJS
• Knowledge of threat modeling 
• Experience using Regex and Bash 
• Experience with Kubernetes 
• Experience with mobile security 
• Knowledge of Terraform
• Experience managing a bug bounty program
• Experience with web penetration testing

Benefits

• Competitive compensation
• Excellent health, dental, and vision coverage
• 401k benefits with employer matching contribution
• Unrivaled perks program (including free therapy, UberEats, and more)
• Remote work with regular in-person bonding experiences sponsored by the company
• Office in the heart of downtown Mountain View, a three-minute walk from Caltrain
• Commuter benefits, FSA accounts, and Employee Stock Purchase Programs
• The chance to build something that changes lives – and that people love 
• Any piece of hardware or software that will make you happy and productive
• An awesome community of co-workers

The base salary range for this position is $160,000-190,000. In addition to the base salary, this position is eligible for a performance bonus and the extensive benefits listed here (subject to eligibility requirements): Teladoc Health Benefits 2024. Total compensation is based on several factors – including, but not limited to, type of position, location, education level, work experience, and certifications. This information is applicable to all full-time positions.

At BetterHelp we thrive on difference and individuality, and as part of the Teladoc Health family, we are proud to be an Equal Opportunity Employer. We never have and never will discriminate against any job candidate or employee due to age, race, ethnicity, religion, sex, color, national origin, gender, gender identity, sexual orientation, medical condition, marital status, parental status, disability, or Veteran status.