Senior Information Security Engineer
WHOOP
Software Engineering, IT
Boston, MA, USA
Posted on Jul 26, 2025
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
WHOOP is seeking a Senior Information Security Engineer to join our team, reporting to our Information Security Manager. In this role you will design, implement, administer, and monitor security measures to protect WHOOP systems, networks, and data from security threats. Success in this role requires continuous learning and adaptation to guard against ever-evolving security threats.
RESPONSIBILITIES:
- Serve as a technical lead and subject matter expert on key security initiatives and cross-functional projects, collaborating with IT, GRC, Software, and other stakeholders to reduce risk across the organization.
- Design, implement, and continuously improve security controls, automation, and monitoring solutions to protect WHOOP systems, infrastructure, and data at scale.
- Lead and execute complex security assessments, vulnerability testing, and risk analysis efforts, providing recommendations and driving remediation plans.
- Drive incident response efforts, including investigation, coordination, containment, remediation, root cause analysis, and post-incident reviews.
- Lead cloud security governance, focusing on AWS security best practices including IAM, networking, encryption, and threat detection.
- Collaborate on secure software development practices in partnership with Product Security and Software teams.
- Oversee and enhance IAM architecture and policies, including SSO, SCIM, MFA, RBAC, and user lifecycle management.
- Provide technical leadership in securing IaaS/PaaS and SaaS applications by defining best practices, conducting reviews, and hardening security controls.
- Guide the deployment, integration, and tuning of security tools such as CASB, EDR, DLP, SIEM, CNAPP, and MDM solutions to maximize effectiveness and coverage.
- Lead efforts to identify, triage, prioritize, and support the remediation of vulnerabilities across cloud environments, infrastructure, and SaaS platforms.
- Lead and mentor team members by providing guidance on security best practices, project execution, work review, and knowledge sharing.
- Promote a culture of security-first thinking across engineering, IT, and product teams by driving awareness, training, and secure development practices.
- Track emerging threats, technologies, and regulatory changes; propose and drive forward-looking security strategies to ensure WHOOP maintains a resilient security posture.
- Continuously assess and improve security operations, workflows, and tooling to meet evolving business and security requirements.
- Participate in and help improve the on-call rotation to support critical security incidents, offering guidance and escalation support as needed.
QUALIFICATIONS:
- Bachelor’s degree in Computer Science, Information Security, or a related technical field.
- 6+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity.
- Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG).
- Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems.
- Demonstrated leadership in security incident response, investigations, and root cause analysis.
- Excellent communication and interpersonal skills with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences.
- Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment.
- Experience mentoring junior engineers and promoting best practices across teams.
- Solid documentation and operational tracking skills with familiarity with ticketing systems such as Jira.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.