Senior Information Security Engineer

Company	Whoop
Location	Boston, MA, USA
Salary	$Not Provided – $Not Provided
Type	Full-Time
Degrees	Bachelor’s
Experience Level	Senior

Requirements

Bachelor’s degree in Computer Science, Information Security, or a related technical field.
6+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity.
Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG).
Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems.
Demonstrated leadership in security incident response, investigations, and root cause analysis.
Excellent communication and interpersonal skills with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences.
Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment.
Experience mentoring junior engineers and promoting best practices across teams.
Solid documentation and operational tracking skills with familiarity in tools such as Jira, Confluence, and ticketing systems.

Responsibilities

Serve as a technical lead and subject matter expert on key security initiatives and cross-functional projects, collaborating with IT, GRC, Software, and other stakeholders to reduce risk across the organization.
Design, implement, and continuously improve security controls, automation, and monitoring solutions to protect WHOOP systems, infrastructure, and data at scale.
Lead and execute complex security assessments, vulnerability testing, and risk analysis efforts, providing recommendations and driving remediation plans.
Drive incident response efforts, including investigation, coordination, containment, remediation, root cause analysis, and post-incident reviews.
Oversee and enhance IAM architecture and policies, including SSO, SCIM, MFA, RBAC, and user lifecycle management.
Provide technical leadership in securing IaaS/PaaS and SaaS applications by defining best practices, conducting reviews, and hardening security controls.
Guide the deployment, integration, and tuning of security tools such as CASB, EDR, DLP, SIEM, CNAPP, and MDM solutions to maximize effectiveness and coverage.
Lead efforts to identify, triage, prioritize, and support the remediation of vulnerabilities across cloud environments, infrastructure, and SaaS platforms.
Lead and mentor team members by providing guidance on security best practices, project execution, work review, and knowledge sharing.
Promote a culture of security-first thinking across engineering, IT, and product teams by driving awareness, training, and secure development practices.
Track emerging threats, technologies, and regulatory changes; propose and drive forward-looking security strategies to ensure WHOOP maintains a resilient security posture.
Continuously assess and improve security operations, workflows, and tooling to meet evolving business and security requirements.
Participate in and help improve the on-call rotation to support critical security incidents, offering guidance and escalation support as needed.

Preferred Qualifications

No preferred qualifications provided.