Senior Information Security Engineer - job 1 of 2

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.

WHOOP is seeking a Senior Information Security Engineer to serve as a technical leader in our Security team reporting to our Information Security Manager. In this role, you will drive the deployment and continuous enhancement of controls that protect millions of users’ biometric and health data, build scalable defenses across our infrastructure and applications, and lead incident response efforts with visibility across the business. This is an opportunity to have direct impact at scale, working alongside engineers, product teams, and executives to drive forward-looking security strategies. 

• Implement and enhance security controls by leading the deployment, integration, and tuning of solutions such as CNAPP, SIEM, CASB, EDR, DLP, and MDM to maximize effectiveness.
• Support security design decisions by providing subject matter expertise on cloud and SaaS security best practices while influencing architecture led by the Security Architect role.
• Lead incident response and investigations by guiding containment, remediation, root cause analysis, and post-incident improvements.
• Strengthen application security by overseeing secure development practices and managing SAST, SCA, and DAST tooling.
• Advance identity and access management by supporting IAM policy enforcement, SSO, MFA, SCIM, RBAC, and user lifecycle governance.
• Secure AI systems and integrations by assessing and protecting embedded APIs and organizational AI tool usage to ensure resilience, privacy, and compliance.
• Collaborate cross-functionally by working with Engineering, IT, and GRC teams to embed security into systems and workflows.
• Mentor and influence by providing technical guidance, reviewing work, and promoting security-first thinking across the organization.
• Stay ahead of threats and regulations by tracking emerging risks, technologies, and compliance requirements to inform forward-looking strategies.
• Participate in and help improve the on-call rotation by providing guidance, escalation support, and driving improvements in response processes.

• Bachelor’s degree in Computer Science, Information Security, or a related technical field and/or advanced certifications (CISSP, CISM, AWS Security Specialty, SANS, etc.).
• 8+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity.
• Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG).
• Experience securing AI/ML systems or APIs, including governance of third-party AI integrations and organizational use of AI tools.
• Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems.
• Hands-on experience with application security tooling (SAST, SCA, DAST) and embedding secure development practices.
• Demonstrated leadership in security incident response, investigations, and root cause analysis.
• Effective communicator with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences.
• Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment.
• Experience mentoring engineers and setting operational standards.
• Familiarity with compliance and risk frameworks relevant to health and AI (SOC 2, ISO 27001, PCI, GDPR, FTC guidance, HIPAA-adjacent state laws) is a plus.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.