About Forma

The market for employee benefits is broken. Companies spend millions annually on employee benefits that employees neither value nor regularly use. Founded in 2017, Forma set out to build a better model by challenging traditional one-size-fits-all approaches.

Forma’s flexible benefits software helps companies offer competitive benefits packages while reducing costs and inefficiencies, by giving employees more choice and flexibility in how they spend their benefit allowances. The platform also saves HR professionals countless hours managing and supporting various point solutions.

Using Forma, companies can select from a suite of products that include Lifestyle Spending Accounts, Health Spending Accounts, Health Reimbursement Arrangements, Flexible Spending Accounts, and more to design and deliver customized benefits programs–all through a single platform. Employees then have three choices to spend account funds: The Forma Store with discounted products and services, The Forma Visa Card, or claim reimbursement backed by Forma’s world-class member support team.

Forma has helped hundreds of the world’s most admired companies, including Stripe, Zoom, Lululemon, and Affirm, design and support flexible, inclusive benefits programs for nearly a million employees. And, we are seeing great success with 98% customer retention, 75 NPS, and 98 CSAT ratings from members.

Forma is backed by Emergence Capital and Ribbit Capital and has received numerous awards for its exponential growth, its software innovation, and as a “Great Place to Work.” 

About the Role 

As a Staff Application Security Engineer at Forma, you will be instrumental in fortifying our security framework and ensuring the integrity and confidentiality of our data and systems. This role demands a detail-oriented and proactive engineer capable of diagnosing and resolving security issues within a dynamic and rapidly evolving environment.

You Will 

• Conduct regular application, system and network security penetration tests and audits to identify potential vulnerabilities.

• Develop and implement security enhancements for Forma’s cloud-based infrastructure, focusing on continuous improvement of our defenses against threats.

• Collaborate with the engineering teams to integrate security practices into the development lifecycle and to ensure secure coding practices are followed.

• Manage and tune security tools and technologies such as firewalls, intrusion detection systems, and encryption.

• Respond to and investigate security breaches or incidents, managing the resolution process and mitigating any impacts.

• Participate in the creation and maintenance of security policies and procedures, ensuring they meet compliance requirements like SOC2 and ISO 27001.

• Educate and train staff on security protocols and best practices, fostering a culture of security awareness within the organization.

Preferred Skills 

• Bachelor’s or Master’s degree in Information Systems, Computer Science, or a related field.

• At least 8+ years of experience in security engineering, with a solid understanding of security protocols, cryptography, and application security.

• Experience with cloud security architectures and solutions, particularly in AWS, Azure, or Google Cloud environments.

• Proven ability to work with network diagnostic, monitoring, and analysis tools.

• Strong problem-solving skills and the ability to work under pressure in a fast-paced environment.

• Professional certifications such as CEH, OSCP, OSWE, etc.

• Experience in a startup or SaaS environment is a plus.

Benefits and Perks

• Remote-first working environment

• Medical, dental and vision insurance plans

• Employee wellness program

• One-time home office stipend

• 401(k) savings plan

• Flexible PTO policy

• 12 weeks Parental Leave + 4 additional weeks for the Birthing Parent

At Forma, we value diversity, and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Duties and responsibilities may not all be covered in the description, or may change over time at the discretion of Forma. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Forma, we welcome diverse perspectives, and people who think rigorously / aren't afraid to challenge assumptions. Join us!