Security Engineer III

GoodRx is looking for a hands-on Security Engineer to keep information safe and eliminate risks across our products and internal systems. This individual will collaborate with GoodRx’s Security engineering team to ensure our services are well vetted and maintained. The Security Engineering team works closely with our Information Security, IT, and DevOps teams to detect and respond to threats, improve our security operations posture, and support core security tooling. You’ll help drive visibility, automation, and incident response maturity by leveraging platforms like CrowdStrike Falcon, Palo Alto (Prisma VPN), One Trust and Sumo Logic. The Security Engineer will be technically savvy, a strong multitasker, and be one step ahead to ensure consistent coverage. The Security Engineer will work on, review third party risks, assess, monitor, and mitigate risks, incident handling and participating in projects that scale our security capabilities across cloud and enterprise environments.

Responsibilities :

Perform risk analysis across the enterprise and production environments to identify internal and external threats

Provide security systems technology support as it applies to the implementation, installation and maintenance of security tooling, processes, procedures and runbooks

Monitor, analyze, and triage alerts and logs from Falcon, Prisma VPN, Sumo Logic, and other security platforms

Stay current on emerging threats, vulnerabilities, and threat actor behaviors, and apply this knowledge to improve detection and response

Investigate potential threats and participate in incident response activities, including root cause analysis and remediation

Manage and optimize Palo Alto Prisma Access policies, VPN configurations, and integrations to support secure remote access

Create and maintain security detections, dashboards, and reports in Sumo Logic to improve threat visibility and reduce noise

Collaborate with DevOps, Infrastructure, and Compliance teams to implement security controls aligned with frameworks like NIST, HiTrust, and CIS.

Support onboarding of new tools and systems into our security monitoring and alerting stack

Provide systems support with respect to building or improving systems security

Maintains corporate and production security procedures

Develop and provide regular security training

Plans, coordinates, and conducts investigations of alleged and suspected security incidents and events

Evaluate third-party vendor control environments to ensure effective and efficient supplier performance results

Ability to work independently to ensure goals set by leadership are reached, and a team player

Triage, remediate, and escalate security alerts / events / reports

Maintain all required business controls elements of the security program and participate in the audit process for assigned areas of responsibility

Required Technical and Professional Expertise :

At least 3 to 5 years experience in Security Operations, Incident Response, or similar security roles

Expertise in cloud and on-prem environments

Experience with risk assessment & analysis, emergency preparedness, and investigations / incident management

Experience with Third Party Risk Management assessments

Comfortable writing detection queries and scripts

Strong Knowledge of Windows and Mac operating systems.

Knowledge of common attack vectors and MITRE ATT&CK framework

Strong problem-solving skills and the ability to thrive in a fast-paced, collaborative environment.

Strong experience with CrowdStrike Falcon, Palo Alto firewalls / Prisma Access / VPN, and Sumo Logic or similar SIEM platforms.Experience working in a SOC is a plus

Experience with SSO platforms, such as Otka and SAML are a plus

Experience with AWS, GCP, CDN / edge security tools and services are a plus

Availability to travel if needed

Experience with automation frameworks or scripting in Python, PowerShell, or Bash

Security certifications such as GCIA, GCIH, CEH, or Palo Alto PCNSE

Exposure to container and CI / CD security (Kubernetes, GitHub Actions, etc.)

Familiarity with regulatory frameworks such as SOC 2, CIS, or HiTrust

Security is responsible for implementing security measures, monitoring suspicious activity, and taking immediate action against cyber threats through the incident response process and vulnerability management program. Additionally, Security monitors GoodRx’s organizational systems for end users’ activities from an information security perspective and correlates / analyzes logs to detect potential Events and Incidents. Lastly, the team works collaboratively with other departments to improve the organization’s security posture.

At GoodRx, pay ranges are determined based on work locations and may vary based on where the successful candidate is hired. The pay ranges below are shown as a guideline, and the successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, and other relevant business and organizational factors. These pay zones may be modified in the future. Please contact your recruiter for additional information.

San Francisco and Seattle Offices :

143,000.00 - $229,000.00

New York Office :

131,000.00 - $210,000.00

119,000.00 - $191,000.00

Other Office Locations :

107,000.00 - $172,000.00

GoodRx also offers additional compensation programs such as annual cash bonuses and annual equity grants for most positions as well as generous benefits. Our great benefits offerings include medical, dental, and vision insurance, 401(k) with a company match, an ESPP, unlimited vacation, 13 paid holidays, and 72 hours of sick leave. GoodRx also offers additional benefits like mental wellness and financial wellness programs, fertility benefits, generous parental leave, pet insurance, supplemental life insurance for you and your dependents, company-paid short-term and long-term disability, and more!

We’re committed to growing and empowering a more inclusive community within our company and industry. That’s why we hire and cultivate diverse teams of the best and brightest from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has a seat at the table and the tools, resources, and opportunities to excel.

With that said, research shows that women and other underrepresented groups apply only if they meet 100% of the criteria. GoodRx is committed to leveling the playing field, and we encourage women, people of color, those in the LGBTQ+ communities, individuals with disabilities, and Veterans to apply for positions even if they don’t necessarily check every box outlined in the job description. Please still get in touch - we’d love to connect and see if you could be good for the role!

GoodRx is committed to providing reasonable accommodations for candidates with disabilities during our recruiting process. If you need any assistance or accommodations due to a disability, please reach out to us at

We prioritize candidate safety. Please be aware that all official communication will only be sent from @ goodrx.com or

GoodRx is America's healthcare marketplace. The company offers the most comprehensive and accurate resource for affordable prescription medications in the U.S., gathering pricing information from thousands of pharmacies coast to coast, as well as a tele-health marketplace for online doctor visits and lab tests. Since 2011, Americans with and without health insurance have saved $60 billion using GoodRx and million consumers visitgoodrx.comeach month to find discounts and information related to their healthcare. GoodRx is the #1 most downloaded medical app on the iOS and Android app stores. For more information, visitwww.goodrx.com.

Security Engineer Iii • Remote CA

Related jobs

We and our 1 partners store and access personal data, like browsing data or unique identifiers, on your device. Selecting I Accept enables tracking technologies to support the purposes shown under we and our partners process data to provide. Selecting Reject All or withdrawing your consent will disable them. If trackers are disabled, some content and ads you see may not be as relevant to you. You can resurface this menu to change your choices or withdraw consent at any time by clicking the Show Purposes link on the bottom of the webpage [or the floating icon on the bottom-left of the webpage, if applicable]. Your choices will have effect within our Website. For more details, refer to our Privacy Policy.

Use precise geolocation data. Actively scan device characteristics for identification. Store and/or access information on a device. Personalised advertising and content, advertising and content measurement, audience research and services development.