About us

At Pomelo Care, we are redefining the healthcare journey for women and children. As the leading virtual medical practice in our field, we provide a continuous circle of support,from the first steps of family building and the complexities of pregnancy to the nuances of postpartum, pediatric, and midlife care.

What you'll do

As our first Product Security Engineer, you will sit at the intersection of Security and Software Engineering. Reporting directly to the CISO, you will be a "Security Builder": embedded within our engineering teams with the autonomy needed to build the automation, tools, and workflows that make security a seamless part of the software development lifecycle.

You aren't just finding bugs; you are building the systems that prevent and fix them at scale. Your work will be centered on three core strategic pillars:

• Secure architecture and auth: you will design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency.

• Privacy engineering: you will lead the privacy engineering initiatives including DSAR integration, building automated data deletion capabilities directly into the Pomelo mobile app and our internal platform to ensure seamless compliance. You will also help improve privacy-preserving data de-identification and anonymization as needed.

• Full-cycle remediation: you will own the end-to-end pentest-to-fix lifecycle. This means you don't just triage reports; you write the code to fix penetration test findings, remediate SAST issues, and build greenkeeping systems for high-volume dependency patching with regression testing.

Beyond these pillars, you will serve as a high-leverage engineering partner to the broader InfoSec team by:

• Building secure-by-default libraries: reducing the load on core Software Engineering by creating internal libraries and patterns that make security the default path.

• Threat modeling: partnering with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process.

• Scaling through collaboration: as a security resource embedded in our engineering teams, you will help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists.

Who you are

You’re an enthusiastic and collaborative engineer who enjoys solving meaningful problems through code. You view security as a product challenge, and you believe the best way to secure a system is to make the "secure way" the "easy way." In particular, you:

• Are a builder first: Have 5+ years of software engineering experience with a strong foundation in computer science and a track record of shipping production-grade code (Python, Go, Kotlin or similar).

• Have a security mindset: You understand the OWASP Top 10, identity flows and prompt injections, but you’d rather build a system that eliminates a class of vulnerability than manually triage individual alerts. You believe security expertise should be embedded into the development process, not bolted on at the end.

• Are an automation enthusiast: you enjoy tackling complex problems with practical automation and are keeping up with trends in LLM agents to multiply your engineering impact.

• Navigate ambiguity: as a floating resource across various engineering teams, you are comfortable context-switching and can quickly build rapport with different engineering teams to understand their needs.

We’ll be super excited if you

• Have experience with Google Cloud Platform (GCP), Github Advanced Security (GHAS), Stytch, Sentry, Fullstory, Statsig or similar technology stack.

• Have prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements.

• Have experience building data infrastructure that supports AI/ML workloads,internal developer platforms and privacy preserving data de-identification and anonymization techniques.

• Have previously worked in a fast-paced, product-oriented startup environment.

Why you should join our team

By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it.

We strive to create an environment where employees from all backgrounds are respected. We also offer:

• Competitive healthcare benefits

• Generous equity compensation

• Unlimited vacation

• Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

XML job scraping automation by YubHub

As a Staff Product Engineer on Replit’s Product Platform team, you’ll build the shared product systems and primitives that power Replit’s core experiences — enabling product teams to ship faster and helping users (and agents) build better software.

What you’ll do

• Lead major cross-team platform initiatives, taking foundational systems from 0 → 1 and scaling them to support millions of users

• Build shared, extensible Agent primitives that Replit Agent can reuse safely and consistently (Meta Programming)

• Identify the highest-leverage technical bottlenecks (performance, reliability, correctness, abuse, observability), then design and ship solutions for our scale

• Raise the bar for engineering excellence through architecture reviews, code quality, reliability standards, and mentorship

• Partner across teams to improve platform adoption, ergonomics, and velocity — turning platform work into measurable outcomes

Core areas you’ll work on

• Agents and Replit users depend on us to build applications (e.g. Connectors framework, Content/configuration primitives (CMS + product surfaces), Data/analytics/events + experimentation primitives)

• Replit Agent as a principal in third party systems. Agent can be fully used within ChatGPT and publishes straight to the iOS app store. We’ll be doing loads of that.

• Platform product teams rely on us to ship consistently (e.g. Identity & Access platform (SSO/SCIM), Localization/i18n platform, Notifications & communications platform)

• Core web platform infrastructure (e.g. performance & page load optimization, observability and debugging workflows, caching strategy and reliability)

Required skills and experience

• 7+ years of professional software engineering experience

• Understanding of the full agentic software development stack, helping coding agents build, test and review correct code.

• Strong track record leading complex projects with cross-functional stakeholders

• Experience building and operating platform systems that other teams depend on

• Experience operating and scaling systems in production (reliability, performance, incidents, on-call readiness)

• Strong product judgment: you can balance UX, speed, correctness, and long-term maintainability

• Comfort working in modern web stacks such as TypeScript, React, Node.js, Postgres

Bonus points

• Experience working in environments with a high engineering bar (or a fast-growing startup where you shipped fast _without_ burning out quality)

• Experience with platform and distributed systems patterns (queues, workflows, caching, rate limiting, async processing)

• Familiarity with systems like Redis, Postgres, Workflow engines (e.g. Temporal), Auth and enterprise identity (SSO, SCIM), Abuse protection and edge systems (Cloudflare), Cloud platforms (GCP), Observability (Datadog, Sentry), Localization, Experimentation and event pipelines (Statsig, Segment, analytics/event tracking)

Example Projects You’ll Work On

• Connectors platform for agents — ship a secure connector framework (OAuth/permissions/data access) so agents can integrate with Slack/Notion/GitHub/etc.

• Agent-facing external surfaces — own high-quality embedded experiences (desktop/extension/embeds) that let agents act in-context across tools

• Safety + abuse controls for agent actions — design permissioning, rate limits, and policy enforcement so agents can operate safely at scale

• Real-time notifications platform — design in-app/email surfaces + build reliable delivery/fanout, preferences, and observability

• Core web platform performance + caching — improve latency and reliability via caching strategy (Redis), profiling, and safe fallbacks

• Events + experimentation primitives — standardize tracking/metrics + feature flags/rollouts so teams can ship safely and measure impact

XML job scraping automation by YubHub