Security Program Specialist II

Boston, MA
Software /
On-site
At WHOOP, we're on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Protecting our members’ privacy and ensuring the security of their data is core to this mission.

The Product Security group focuses on safeguarding the member experience by addressing vulnerabilities, supporting privacy requests, and ensuring compliance with industry standards. We bridge the gap between our engineering, product, and compliance teams to ensure members can trust WHOOP with their most personal data.

As a Security Program Specialist II, you will help triage and coordinate incoming security and privacy requests, perform first-line technical analysis, and ensure timely resolution of issues. This role is a great opportunity for someone who enjoys both the operational side of security and digging into technical details, with future growth paths into either security engineering or information security program management.

*This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.*

RESPONSIBILITIES:

    • Triage and evaluate bug bounty submissions, escalating valid vulnerabilities to engineering for remediation and coordinating response.
    • Perform level 1 troubleshooting for member-reported privacy or security concerns, ensuring issues are routed appropriately.
    • Coordinate responses to auditor and regulator requests, including gathering SOC and compliance evidence.
    • Partner with Product Security Engineers to organize and document threat modeling sessions, leaning on technical experts for deep technical details.
    • Track and communicate the status of security issues, ensuring timely follow-up and resolution.
    • Support process improvements to make WHOOP’s security and privacy operations more efficient.
    • Develop, maintain, and track KPIs that measure the effectiveness of product security programs and provide visibility into team performance and risk reduction.
    • Work closely with software teams across the department to adopt and rollout new tooling and security process changes.

QUALIFICATIONS:

    • 2–4 years of professional experience in a security, privacy, compliance, or technical support role.
    • Familiarity with security and privacy concepts such as vulnerability reporting, data protection, and regulatory compliance (SOC 2, GDPR, etc.).
    • Strong organizational skills with the ability to coordinate across multiple teams and stakeholders.
    • Technical aptitude to perform basic analysis of security reports (e.g., reviewing proof-of-concept exploits, testing reproduction steps).
    • Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders.
    • Interest in growing your career in either engineering (security/product) or information security (governance, risk, and compliance).

BONUS QUALIFICATIONS:

    • Experience with bug bounty platforms or security incident management.
    • Ability to interpret existing code to validate bug bounty submissions, reproduce issues, and improve triage efficiency.
    • Exposure to cloud environments (AWS preferred).

ABOUT YOU:

    • You’re passionate about security and privacy, with a curiosity to dig into technical details while keeping the bigger picture in mind.
    • You’re highly organized and thrive at coordinating across multiple teams to keep security and privacy programs running smoothly.
    • You communicate clearly with both technical and non-technical stakeholders, making complex issues understandable.
    • You take ownership of your work, ensuring issues are followed through to resolution and always keeping member trust front and center.
    • You see security not just as risk reduction, but as a way to enable innovation and protect the member experience.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.