Maven Clinic
Staff Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Maven Clinic
Maven Clinic is a virtual health platform founded in 2014 by CEO Kate Ryder, focusing on continuous care for women and families. It specializes in areas such as fertility, family-building, pregnancy, parenting, pediatrics, mental health, and menopause. As the largest women's and family telehealth network, Maven offers services through a web and app-based platform, connecting members to over 2,000 providers across more than 30 specialties and 350 subspecialties in 175 countries. Maven's key offerings include fertility and family-building support, maternity and postpartum benefits, pediatric and menopause care, and integrated mental health services. The platform also features the Maven Wallet for benefits administration and the Maven Manage Benefit for fertility management. With 15 million lives under management, Maven partners with over 2,000 employers and health plans, including many Fortune 15 companies, to provide personalized benefits. The company has received significant recognition, including being named one of TIME's 100 Most Influential Companies in 2023.
Security at Maven Clinic
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“AppSec Mission: "Your privacy and security are top priorities at Maven." Developer Enablement vs. Gatekeeping: "Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)" and "You balance rigor with velocity, enabling teams to move quickly". Risk Philosophy: "Access to member data is limited to the people who need it" and "We govern our AI systems in accordance with ISO 42001". Stated Pain Points or Goals: "Automate policy enforcement, SAST/DAST scans, and compliance verification" and "Develop or adopt AI-assisted security tooling". Gaps & Contradictions: No public information found regarding specific developer security training programs or internal 'paved road' documentation.”
Security Team
Org Structure & Reporting Line: Information not publicly available. Key Public-Facing Leaders: Brian Renzenbrink, Director of Engineering @ Maven Clinic | Platform Development, System Architecture, Security, and IPO readiness; Jon Mann, Senior Security Engineer. Team Size Estimate: Information not publicly available. Active AppSec Job Postings (as_of:): Count: 1. Common Skill/Tool Patterns: "Strong coding proficiency in Python, TypeScript, Go and/or Rust". Gaps & Contradictions: Explicit reporting lines (CISO vs CTO) and total AppSec headcount are not publicly stated.
Key Initiatives
Shift Left in Practice: "Create self-service security tools that integrate with developer workflows (GitLab CI/CD, Terraform)". Vulnerability Management Process: Intake includes "We conduct regular vulnerability assessments and independent third-party penetration testing" and "To report a potential vulnerability, email security@mavenclinic.com". Triage/Remediation: Information not publicly available (SLAs/MTTR not stated). Secure SDLC Artifacts: "Lead threat modeling and security architecture reviews". Recent Initiatives: "We govern our AI systems in accordance with ISO 42001". Gaps & Contradictions: No public evidence of a formal Security Champions program or specific remediation SLAs.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.