Senior Information Security Engineer

RESPONSIBILITIES:

• Serve as a technical lead and subject matter expert on key security initiatives and cross-functional projects, collaborating with IT, GRC, Software, and other stakeholders to reduce risk across the organization.
• Design, implement, and continuously improve security controls, automation, and monitoring solutions to protect WHOOP systems, infrastructure, and data at scale.
• Lead and execute complex security assessments, vulnerability testing, and risk analysis efforts, providing recommendations and driving remediation plans.
• Drive incident response efforts, including investigation, coordination, containment, remediation, root cause analysis, and post-incident reviews.
• Oversee and enhance IAM architecture and policies, including SSO, SCIM, MFA, RBAC, and user lifecycle management.
• Provide technical leadership in securing IaaS/PaaS and SaaS applications by defining best practices, conducting reviews, and hardening security controls.
• Guide the deployment, integration, and tuning of security tools such as CASB, EDR, DLP, SIEM, CNAPP, and MDM solutions to maximize effectiveness and coverage.
• Lead efforts to identify, triage, prioritize, and support the remediation of vulnerabilities across cloud environments, infrastructure, and SaaS platforms.
• Lead and mentor team members by providing guidance on security best practices, project execution, work review, and knowledge sharing.
• Promote a culture of security-first thinking across engineering, IT, and product teams by driving awareness, training, and secure development practices.
• Track emerging threats, technologies, and regulatory changes; propose and drive forward-looking security strategies to ensure WHOOP maintains a resilient security posture.
• Continuously assess and improve security operations, workflows, and tooling to meet evolving business and security requirements.
• Participate in and help improve the on-call rotation to support critical security incidents, offering guidance and escalation support as needed.

QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Information Security, or a related technical field.
• 6+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity.
• Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG).
• Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems.
• Demonstrated leadership in security incident response, investigations, and root cause analysis.
• Excellent communication and interpersonal skills with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences.
• Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment.
• Experience mentoring junior engineers and promoting best practices across teams.
• Solid documentation and operational tracking skills with familiarity in tools such as Jira, Confluence, and ticketing systems.