Staff Engineer
Product Security
Updated on 2/28/2024
One Medical

1,001-5,000 employees

Accessible, affordable healthcare through technology and primary care
Company Overview
One Medical sets itself apart by combining people-centered design and technology to deliver high-quality, affordable healthcare, challenging the traditional healthcare model. Their approach allows primary care providers to make informed decisions, leading to improved health outcomes and patient satisfaction. Moreover, their seamless integration of services saves patients both time and money, demonstrating their industry leadership in creating a more accessible healthcare system.

Company Stage


Total Funding





San Francisco, California

Growth & Insights

6 month growth


1 year growth


2 year growth

United States
Experience Level
Desired Skills
Ruby on Rails
Software Engineering
  • 7+ years of application security experience, or 5+ years of application security experience and 2+ years of software development experience
  • Significant experience collaborating with product development teams
  • Extensive experience identifying, testing, and remediating against vulnerabilities including those found in the OWASP Top 10 and CWE/SANS Top 25
  • Experience with providing security recommendation and guidance in at least two of the following languages/frameworks: Ruby on Rails, Python, GoLang, JavaScript, React, Angular, Swift, Kotlin, C, C++
  • Proven skills communicating and collaborating with product development leadership
  • Proven track record mentoring and maturing product security engineers
  • Experience building automation and/or writing scripts to solve security problems
  • Participate in Product Development architecture and strategy meetings and discussions; in particular, you are a sounding board and guide for architectural considerations regarding access control and systems integration
  • Help align One Medical’s application security practices with Amazon’s secure-by-design patterns
  • Conduct Application Security Assessments, Security Architecture Reviews, and Threat Modeling
  • Analyze security test results, document risks, and recommend mitigating controls
  • Design new security automation and select tooling to improve our detection of application vulnerabilities, and to assist in the remediation of findings
  • Provide security subject matter expertise to the Product Security team itself, as well as to development teams, developing secure coding practices, and develop hands-on training to developers and quality engineers
  • Contribute to our incident response and vulnerability remediation efforts
  • Security research, presentation, security industry collaboration, and participation in hackathons
  • On occasion, step in on hands-on security testing and code review of internally developed applications
Desired Qualifications
  • OSCP, OSWE, GPEN or similar certifications
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
  • Experience working in highly regulated environments subject to compliance requirements such as HIPAA and PCI
  • Experience with authentication/authorization technologies, like OpenID Connect, JWTs, SAML, and HMACs
  • Experience with the security considerations for data pipelines, reporting, ML, and LLMs
  • Experience with mobile security reviews and testing
  • Dual Builder / Breaker mindset: Passion for breaking things and working alongside teams to fix them
  • Familiarity with books and articles by authors such as Loren Kohnfelder, Adam Shostack, Dafydd Stuttart, etc.
  • A writing sample that is a threat model, security design review, or a memo to development team regarding an issue (this could be blacked out for confidential information)
  • Good sense of humor :)