Senior Software Engineer, Privacy Engineering
Posted on Sunday, June 18, 2023
Who We Are
Ro is a direct-to-patient healthcare company with a mission of helping as many patients as possible achieve their health goals. Ro is the only company to offer telehealth care, at-home diagnostic testing, labs, and pharmacy services nationwide. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.
Ro was recognized as a CNBC Disruptor 50 in 2022, listed by Inc. Magazine as a Best Place to Work in 2022 for our third consecutive year, and named one of FORTUNE's 2022 Best Medium Workplaces.
This role is a senior-level, hands-on individual contributor and technical expert who will build internal products and infrastructure to protect Ro patient privacy and meet compliance objectives. You will serve as a member of the Product Security team and partner with key stakeholders across the company including First Party Data, Data Infrastructure, and Compliance. Your focus is building systems and integrating tooling for automated, continuous compliance in a rapidly evolving tech stack: snapshots in third-party tools don’t scale. You will partner with Compliance to provide technical input and oversight into policies, and assist in pushing forward company-wide compliance requirements.
You will design and implement architectures, tools, and features that make Ro’s data collection transparent, and give users control over their data throughout the data lifecycle. This includes guiding Ro’s implementation of patient consent collection and management and integrating automated methods to preserve patient data privacy with technologies such as data tokenization. You will be a technical advocate for privacy decisions, designs, and discussions. You will not only lead the implementation of industry-vetted privacy solutions but drive innovative ideas to implementation as the company evolves and grows.
What You’ll Do:
- Embed with teams across the company to ensure our data collection and usage practices are transparent, protect user privacy, and mitigate risk
- Lead and manage development of new privacy features, tools, and scalable solutions
- Partner with technical and non-technical teams, including Engineering, Product, Compliance, and Legal to both implement solutions and craft policies that drive continuous compliance across the company
- Discover and map the ways that data is collected, processed and stored across our products and infrastructure
- Advocate for privacy-preserving solutions and identify innovative opportunities to advance our posture while presenting and promoting our privacy tools and solutions both internally and externally
- Provide mentorship and reviews for engineering teams working with privacy technologies
- Protect our participants by designing and developing privacy solutions in compliance with regulatory requirements at both the state and federal level (Ex: HIPAA, CSRA, HITRUST)
- Represent security in data architecture initiatives
- Help define the technological future of privacy at Ro
What You’ll Bring to the Team:
- 6+ years of software, privacy or security engineering with direct experience building/integrating tools to find and mitigate security and privacy issues
- 6+ years of experience with code maintenance and code reviews in one or more general purpose languages (i.e., a frontend, backend, or full-stack software engineer with experience in regulated environments that require privacy-preserving architectures)
- Ability to cut across services, infrastructure, or frameworks in novel ways to achieve security and privacy goals
- Experience in implementing a scalable data tokenization and/or sanitization method in a production environment
- Experience designing and implementing private, secure-by-design architectures incorporating best practices for protecting patient data (at-rest, in-transit, and in-use)
- Experience with one or more of the following privacy principles or technologies: HITRUST, CCPA, data inventory, DLP, data tokenization/anonymization or privacy impact assessments
- Experience with concepts and practices such as threat modeling, data anonymization and classification, auditing access to data, and review of requests for data access
- A high bar for writing quality, scalable, robust, and testable code
- Designing novel yet robust security or privacy architectures
- Developing or maintaining services or processes to meet data governance needs
- Designing novel ways to understand and surface data flow, access control, and risk
We’ve Got You Covered:
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- 401(k) with company match
- Flexible PTO
- Wellbeing + Learning & Growth reimbursements
- Paid parental leave + Fertility benefits
- Pet insurance
- Student loan refinancing
- Virtual resources for mindfulness, counseling, fitness, and physical therapy
The target base salary for this position ranges from $170,000 to $204,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills, and experience. These considerations may cause your compensation to vary.
Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.