Security Program Specialist II

About Whoop

At WHOOP, we’re on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Protecting our members’ privacy and ensuring the security of their data is core to this mission. The Product Security group focuses on safeguarding the member experience by addressing vulnerabilities, supporting privacy requests, and ensuring compliance with industry standards. We bridge the gap between our engineering, product, and compliance teams to ensure members can trust WHOOP with their most personal data.

Job Summary

As a Security Program Specialist II, you will help triage and coordinate incoming security and privacy requests, perform first-line technical analysis, and ensure timely resolution of issues. This role is a great opportunity for someone who enjoys both the operational side of security and digging into technical details, with future growth paths into either security engineering or information security program management.

Key Responsibilities

• Triage and evaluate bug bounty submissions, escalating valid vulnerabilities to engineering for remediation and coordinating response.
• Perform level 1 troubleshooting for member-reported privacy or security concerns, ensuring issues are routed appropriately.
• Coordinate responses to auditor and regulator requests, including gathering SOC and compliance evidence.
• Partner with Product Security Engineers to organize and document threat modeling sessions, leaning on technical experts for deep technical details.
• Track and communicate the status of security issues, ensuring timely follow-up and resolution.
• Support process improvements to make WHOOP’s security and privacy operations more efficient.
• Develop, maintain, and track KPIs that measure the effectiveness of product security programs and provide visibility into team performance and risk reduction.
• Work closely with software teams across the department to adopt and rollout new tooling and security process changes.

Requirements

• 2–4 years of professional experience in a security, privacy, compliance, or technical support role.
• Familiarity with security and privacy concepts such as vulnerability reporting, data protection, and regulatory compliance (SOC 2, GDPR, etc.).
• Strong organizational skills with the ability to coordinate across multiple teams and stakeholders.
• Technical aptitude to perform basic analysis of security reports (e.g., reviewing proof-of-concept exploits, testing reproduction steps).
• Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical stakeholders.
• Interest in growing your career in either engineering (security/product) or information security.