
Principal TPM, DevSecOps

Requirements:

  • 8+ years in technical program management, software engineering, DevOps, or security engineering, with at least 3–4 years at the principal or staff level
  • Demonstrated impact leading security programs at scale across 5+ engineering teams or 200+ engineers, with measurable outcomes (e.g., reduced remediation time, improved audit pass rates, or accelerated security review cycles)
  • Hands-on engineering background strongly preferred
  • Relevant certifications a plus: CISSP, CCSP, AWS/Azure/GCP Security Specialty, SAFe Program Consultant

Roles & Responsibilities

  • Own the DevSecOps roadmap and strategy for integrating security across the SDLC — including SAST, DAST, dependency scanning, secrets detection, and container security — without becoming a delivery bottleneck
  • Lead complex, cross-functional programs and manage a portfolio of interdependent security and infrastructure initiatives; map dependencies and ensure milestones are met
  • Build paved roads by designing shared pipeline templates, hardened base images, and reusable IaC modules that embed security as default
  • Own risk and compliance by maintaining audit readiness against SOC 2, ISO 27001, HIPAA, and HITRUST through automation

Job description

Who is Prescryptive?

Prescryptive is the healthcare technology company enabling the direct access marketplace for prescription drugs. Our platform aligns incentives so affordability, choice, and patient access become the natural outcome of a functioning system. Learn more about us by following us on LinkedIn or visiting Prescryptive.com.

About this role

We're looking for a Principal TPM to own the strategy and delivery of our secure software supply chain — shaping how security is built into our platforms, not bolted on after the fact. This is not a coordination role. You'll have real ownership over strategy, architecture decisions, and outcomes, working alongside engineers and security architects to measurably improve how we deliver secure software at scale.

You'll drive cross-functional programs spanning security engineering, platform engineering, and product development, partnering with engineering leadership to design systems that make the secure path the easy path. If you're energized by hard problems at the intersection of speed and security, and ready to set direction rather than follow it, this role was built for you.

The ideal candidate has operated at the intersection of software engineering and security, speaks fluently in both CI/CD pipelines and risk frameworks, and has a track record of turning ambiguous security mandates into well-defined, executable programs.

What you will do

  • Own the DevSecOps roadmap. Define and execute the strategy for integrating security across our SDLC — SAST, DAST, dependency scanning, secrets detection, container security — ensuring controls are comprehensive without becoming delivery bottlenecks.
  • Lead complex, cross-functional programs. Manage a portfolio of interdependent security and infrastructure initiatives. Map dependencies, hold delivery cadences accountable, and escalate the right things at the right time.
  • Build paved roads. Design shared pipeline templates, hardened base images, and reusable IaC modules that embed security as a default — reducing cognitive load on developers and eliminating per-team reinvention of compliance.
  • Own risk and compliance. Maintain a clear view of technical security risk across your portfolio. Keep teams continuously audit-ready against relevant frameworks (SOC 2, ISO 27001, HIPAA, HITRUST) through automation, not heroics.
  • Communicate across all levels. Translate security risk into business language for executives, and compliance requirements into engineering priorities for teams. You should be equally effective in a sprint review and a leadership risk briefing.


What We're Looking For

  • Technical credibility. You've worked in or alongside software or infrastructure engineering. You understand CI/CD pipelines, cloud security architecture (AWS, Azure, or GCP), IaC (Terraform, Ansible, or CloudFormation), and security tooling well enough to earn trust from senior engineers — not just facilitate their conversations.
  • Program management at scale. You've led large, ambiguous, multi-team programs from definition through delivery. You're comfortable with dependency mapping, risk registers, and milestone accountability across organizations with competing priorities.
  • Influence without authority. You know how to align teams that don't report to you, build consensus across organizational boundaries, and drive change in environments where security isn't always the top priority.
  • Executive presence. You make complex technical risk legible to non-technical stakeholders and can hold your own in architecture discussions with senior engineers in the same meeting.

Required skills, abilities, and education

  • 8+ years in technical program management, software engineering, DevOps, or security engineering — with at least 3–4 years at the principal or staff level
  • Demonstrated impact leading security programs at scale — spanning 5+ engineering teams or 200+ engineers — with measurable outcomes such as reduced vulnerability remediation time, improved audit pass rates, or accelerated security review cycles

Preferred skills, abilities, and education

  • Hands-on engineering background strongly preferred
  • Relevant certifications a plus: CISSP, CCSP, AWS/Azure/GCP Security Specialty, SAFe Program Consultant

What we have to offer

  • The opportunity to grow alongside an early-stage company shaking up a big, old-fashioned industry
  • Flexible time off, including 12 paid holidays
  • 401k match plus 100% employer paid medical, dental, and vision premiums
  • Company contribution to Health Savings Account
  • Stock options

Prescryptive is committed to fair pay practices. The projected annual salary for this position is $148k to $205k. When preparing an offer, we consider the candidate's resume, experience, interview feedback, internal equity, and location.

Prescryptive is an Equal Opportunity Employer. Prescryptive does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.
