Staff Security Engineer - Security Operations

About us:

Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money.

Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP/EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food.In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases. 

At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment:

Measured: We make data-driven, truth-seeking decisions.

Impactful: We are fueled by achieving our mission and vision.

Collaborative: We help each other be better and create a positive environment.

Hungry: We maintain a healthy growth mindset, seeking to overcome challenges with courage.

Joyful: We take joy in each other, our work, and the privilege of doing this work.

Whether you're a dietitian, a commercial leader, or a technologist, working at Foodsmart means being part of a team that is passionate, supportive, and driven by a shared purpose. Join us in transforming the way people access and enjoy healthy food.

About the Role

Foodsmart is seeking a Staff Security Engineer - Security Operations to take ownership of the security operations function and ensure the safety and resilience of our organization against evolving threats. This role carries significant responsibility for monitoring, detecting, responding to, and mitigating security risks that could impact Foodsmart’s systems, data, employees, and customers. You will be at the forefront of protecting Foodsmart’s critical assets by implementing advanced security measures, overseeing incident response efforts, and proactively identifying vulnerabilities before they can be exploited.

This position requires a highly skilled professional who thrives under pressure, has a deep understanding of modern security operations practices, and can independently execute strategies to minimize risk while ensuring operational excellence.

• Monitor and Defend:
• Oversee real-time monitoring of security events across Foodsmart’s infrastructure using SIEM tools to detect and respond to suspicious activities.
• Continuously improve threat detection capabilities by fine-tuning alerts, building correlation rules, and integrating new data sources into monitoring systems.
• Act as the first line of defense during active incidents, lead containment, eradication, recovery efforts, and conduct root cause analysis.
• Proactively Identify Risks:
• Perform regular threat hunting exercises across Foodsmart’s environment to uncover hidden vulnerabilities or potential attack vectors.
• Conduct periodic risk assessments on infrastructure, SaaS applications, endpoints, and third party integrations to identify gaps in security posture.
• Implement vulnerability management processes to ensure timely remediation of identified risks.
• Strengthen Security Operations:
• Develop playbooks for common attack scenarios to ensure rapid response during incidents.
• Automate repetitive tasks such as alert triage or remediation workflows using scripting languages like Python or tools like SOAR platforms.
• Partner with DevOps teams to enhance CI/CD pipeline security and enforce secure configurations for infrastructure-as-code (IaC).
• Collaborate Across Teams:
• Work closely with IT teams to secure endpoints for remote employees and enforce strong identity access management policies.
• Serve as a trusted advisor to internal stakeholders by providing actionable recommendations on mitigating risks without disrupting business operations.
• Mentor team members on best practices in security operations to foster a culture of vigilance across the organization.
• Ensure Compliance:
• Support compliance initiatives such as SOC 2, HIPAA, HITRUST CSF, and CCPA by maintaining audit-ready documentation of security controls.
• Monitor adherence to regulatory requirements while continuously improving processes to meet industry standards.

• A highly vigilant professional who understands that missing a critical alert or vulnerability can have severe consequences for the organization.
• A calm problem-solver who thrives under pressure during active incidents while maintaining focus on resolution and prevention.
• A proactive thinker who anticipates potential threats before they materialize and takes action to mitigate them effectively.
• A collaborative communicator who can explain complex technical concepts clearly to both technical teams and executives.

• At least 8 years of experience in security operations or information security roles with a proven track record of safeguarding critical systems in fast-paced environments.
• Expertise in managing SIEM platforms, SOAR tools, EDR/XDR solutions, and other advanced monitoring technologies.
• Deep knowledge of modern attack techniques and incident response best practices.
• Experience conducting threat hunting exercises across multi cloud environments, SaaS applications, and endpoints.
• Strong scripting/coding skills in Python or similar languages for automating workflows within SecOps tools.
• Familiarity with compliance frameworks such as SOC 2, HIPAA, HITRUST CSF, or CCPA as they apply to operational environments.

• GIAC Certified Incident Handler (GCIH)
• Certified Information Systems Security Professional (CISSP)

About our benefits and perks:

Remote-First Company

Unlimited PTO

Flexible & remote location

Healthcare Coverage (Medical, Dental, Vision)

401k, bonus, & stock options

Registered Dietitian Sessions 

Wellness  reimbursement 

Foodsmart  is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other protected class.