Easy Apply
Easy Apply
As a Security Program Specialist II, you'll triage security requests, perform technical analysis, coordinate responses, and improve security processes.
At WHOOP, we're on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Protecting our members’ privacy and ensuring the security of their data is core to this mission.
The Product Security group focuses on safeguarding the member experience by addressing vulnerabilities, supporting privacy requests, and ensuring compliance with industry standards. We bridge the gap between our engineering, product, and compliance teams to ensure members can trust WHOOP with their most personal data.
As a Security Program Specialist II, you will help triage and coordinate incoming security and privacy requests, perform first-line technical analysis, and ensure timely resolution of issues. This role is a great opportunity for someone who enjoys both the operational side of security and digging into technical details, with future growth paths into either security engineering or information security program management.
*This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.*
RESPONSIBILITIES:
- Triage and evaluate bug bounty submissions, escalating valid vulnerabilities to engineering for remediation and coordinating response.
- Perform level 1 troubleshooting for member-reported privacy or security concerns, ensuring issues are routed appropriately.
- Coordinate responses to auditor and regulator requests, including gathering SOC and compliance evidence.
- Partner with Product Security Engineers to organize and document threat modeling sessions, leaning on technical experts for deep technical details.
- Track and communicate the status of security issues, ensuring timely follow-up and resolution.
- Support process improvements to make WHOOP’s security and privacy operations more efficient.
- Develop, maintain, and track KPIs that measure the effectiveness of product security programs and provide visibility into team performance and risk reduction.
- Work closely with software teams across the department to adopt and rollout new tooling and security process changes.
QUALIFICATIONS:
- 2–4 years of professional experience in a security, privacy, compliance, or technical support role.
- Familiarity with security and privacy concepts such as vulnerability reporting, data protection, and regulatory compliance (SOC 2, GDPR, etc.).
- Strong organizational skills with the ability to coordinate across multiple teams and stakeholders.
- Technical aptitude to perform basic analysis of security reports (e.g., reviewing proof-of-concept exploits, testing reproduction steps).
- Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders.
- Interest in growing your career in either engineering (security/product) or information security (governance, risk, and compliance).
BONUS QUALIFICATIONS:
- Experience with bug bounty platforms or security incident management.
- Ability to interpret existing code to validate bug bounty submissions, reproduce issues, and improve triage efficiency.
- Exposure to cloud environments (AWS preferred).
ABOUT YOU:
- You’re passionate about security and privacy, with a curiosity to dig into technical details while keeping the bigger picture in mind.
- You’re highly organized and thrive at coordinating across multiple teams to keep security and privacy programs running smoothly.
- You communicate clearly with both technical and non-technical stakeholders, making complex issues understandable.
- You take ownership of your work, ensuring issues are followed through to resolution and always keeping member trust front and center.
- You see security not just as risk reduction, but as a way to enable innovation and protect the member experience.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.
At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.
The U.S. base salary range for this full-time position is $85,000 - $135,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.
In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.
These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.
Top Skills
AWS
Gdpr
Soc 2
WHOOP Boston, Massachusetts, USA Office
1 Kenmore Sq, Boston, MA, United States, 02215
Similar Jobs at WHOOP
Fitness • Hardware • Healthtech • Sports • Wearables
Lead sourcing and supply chain functions, manage supplier strategies, oversee product development, and optimize cost and availability for hardware accessories.
Top Skills:
Ai ToolsArenaErpNetSuitePlm
Fitness • Hardware • Healthtech • Sports • Wearables
The Director of Brand Media will execute global media strategies to increase brand awareness and effectiveness while managing budgets and partnerships.
Top Skills:
Ai ToolsMedia Measurement ToolsMedia Mix Modeling
Fitness • Hardware • Healthtech • Sports • Wearables
Senior Manufacturing Engineer responsible for driving PCBA/SMT readiness, optimizing processes, supporting ramp in manufacturing, and applying Lean Six Sigma for continuous improvement.
Top Skills:
Design Of ExperimentsDfxGd&TIpc StandardsLean Six SigmaPcbaSmtSolidworks
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
