hims & hers
Sr. Application Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About hims & hers
Hims & Hers Health, Inc. is a telehealth company based in San Francisco, California, founded in 2017. It operates a direct-to-consumer digital platform that connects consumers with licensed healthcare professionals, offering accessible and affordable healthcare services across various specialties. The company initially focused on men's wellness issues and has since expanded to include women's health, mental health services, primary care, dermatology, and weight management solutions. The platform provides prescription medications, over-the-counter products, and personal care items, allowing customers to consult healthcare providers remotely and receive treatments delivered to their homes. Hims & Hers serves customers in all 50 U.S. states and Washington, D.C., and its products are also available in retail locations like Target. With a strong emphasis on convenience and privacy, the company targets adults, particularly millennials, seeking discreet healthcare solutions. Hims & Hers went public in January 2021 and has shown significant growth, with revenues exceeding $872 million in 2023.
Security at hims & hers
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Hims & Hers aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They also aim to mentor and evangelize security practices.”
Security Team
The Head of Information Security at Hims & Hers reports to the Chief Operating Officer (COO). Melissa Baird is the Chief Operating Officer.
Key Initiatives
- Hims & Hers conducts continuous vulnerability scanning and periodic penetration tests.
- Their initiatives include integrating SCA, SAST, DAST, and secret-scanning into CI/CD pipelines, driving vulnerability management by designing and tuning scan configurations, and conducting secure code reviews.
- They also implement and maintain GitHub Advanced Security, including secret scanning, assess and improve security of Infrastructure as Code (IaC) deployments using Terraform, and conduct security assessments using SAST, DAST, and SCA tools.