Associate Application Security Engineer

About The Position

Requirements

• Experience securing web applications and APIs, including a strong grasp of common vulnerabilities (e.g., OWASP Top 10) and practical mitigations.
• Hands-on experience with application security tooling (e.g., SAST, SCA, DAST, IaC/container scanning) and/or observability for security-relevant signals.
• Ability to communicate complex security and technical problems clearly to both technical and non-technical audiences.
• Exposure with secure SDLC practices such as threat modeling, security-focused design reviews, and vulnerability management.
• Track record of delivering high-quality, pragmatic security outcomes in collaboration with product and engineering teams.
• Enthusiasm and interest in technology in general and securing systems.

Nice To Haves

• Exposure to building or securing systems with AI/LLMs (e.g., OpenAI, Anthropic).
• Familiarity with OAuth2/OIDC, SSO, secure API design, and multi-tenant SaaS architectures.
• Experience with coding languages such as Python and JavaScript.
• Hands-on experience with security monitoring tooling (e.g., SIEM, IPS, WAF, SASE, Network Vulnerability Scanning) and/or observability for security-relevant signals.
• Exposure with secure SDLC practices such as threat modeling, security-focused design reviews, and vulnerability management.
• Knowledge of US healthcare industry, PHI/PII protection, and health tech.

Responsibilities

• Assist with secure design and implementation reviews for new and existing features across web applications, APIs, and backend services.
• Monitor, triage, and help remediate findings from security tooling.
• Get familiar with security technologies and processes.
• Work with feature teams to understand exploitability, prioritize fixes, and track closure of vulnerabilities in alignment with internal SLAs.
• Implement an enterprise security control and configure it for long-term observability.
• Contribute to the development of secure patterns and tooling by identifying, triaging, and tracking vulnerabilities.
• Independently review security alerts.
• Support the incident response process to ensure security events are resolved quickly and safely.

Benefits

• Elation welcomes individuals from all backgrounds and walks of life.
• Elation is proud to be an Equal Opportunity Employer and is dedicated to creating and maintaining a diverse and inclusive work environment.
• We are committed to equal opportunity for all employees and applicants, and value individuals with diverse perspectives including, but not limited to: race, color, religion, sex, sexual orientation, socioeconomic status, age, gender identity or gender expression, national origin, disability or veteran status.
• Elation also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA.