Senior Application Security Engineer

About The Position

Requirements

• 5+ years of experience in penetration testing, ideally within healthcare or highly regulated environments.
• Expert knowledge of web/API vulnerabilities (OWASP Top 10) and mobile testing frameworks (Frida, Burp Suite, MobSF, Ghidra).
• Understanding of medical protocols (DICOM, HL7) and cloud security practices (AWS, Azure, or GCP).
• Proficiency in scripting languages (Python, JavaScript/TypeScript, Go) and secure SDLC practices.
• Excellent analytical, problem-solving, and interpersonal communication skills.

Nice To Haves

• Offensive Security: OSCP, OSCE, or OSWE.
• Mobile Security: eCMAP or GMOB.
• General/Regulated: CEH, CSSLP, GPEN, GWAPT, or UL 2900 training.

Responsibilities

• Execute advanced black-box and grey-box penetration tests on web applications, APIs (REST/GraphQL), and internal systems.
• Perform deep-dive mobile security assessments on iOS and Android, including reverse engineering and bypassing client-side controls like root detection and certificate pinning.
• Lead specialized security testing and threat modeling for FDA-regulated medical device software, ensuring compliance with HIPAA, GDPR, and FDA cybersecurity guidelines.
• Develop high-quality technical reports detailing exploit chains and business logic flaws, providing engineering teams with hands-on remediation guidance.
• Automate security testing by developing custom tools and scripts in languages such as Python, Go, or PowerShell.
• Communicate complex security risks and business impacts to executive leadership and cross-functional stakeholders.
• Mentor junior team members and provide security training to development teams to foster a robust culture of security awareness.

Benefits

• incentive compensation
• restricted stock units
• medical and other benefits depending on the position