Hinge Health · posted 4 days ago
$192,000 - $230,400/Yr
Full-time • Mid Level
Hybrid • San Francisco, CA
1,001-5,000 employees

We're looking for a detail-oriented, technically skilled engineer to join our Application Security team. This role offers opportunities to influence the group's growth and direction while integrating security across the entire Software Development Life Cycle (SDLC).

Security Engineers collaborate with Product and Engineering teams to embed security into every phase of the SDLC, from feature design and implementation through deployment. They establish and evaluate authentication, authorization, and privacy controls for B2C, B2B, and M2M entity types and use cases. They identify, prioritize, and remediate vulnerabilities surfaced by internal and third-party penetration testing, Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST), and they deploy, maintain, and tune the tools used to perform this testing. Security Engineers also serve as subject matter experts on authentication and authorization security, partnering with product and engineering teams to implement security and privacy best practices for healthcare applications.

The ideal candidate has experience securing, hardening, and finding vulnerabilities in web applications, RESTful and GraphQL APIs, and mobile applications (iOS and Android) in a cloud-hosted microservice environment, and experience risk-assessing the findings of automated SCA, SAST, and DAST to validate severity before assigning them to engineers for remediation. They may also have experience securing Generative AI (LLM) services, including, but not limited to, guardrails against jailbreaks, sensitive information disclosure, and data/model poisoning, and the verification and testing of safety guardrails.

  • Implement and maintain automated security scanning tools (SCA, SAST, DAST) and perform manual and AI-assisted security assessments, including source code review, to identify and remediate vulnerabilities in Hinge Health web applications, mobile applications, and API endpoints.
  • Enable product teams to build secure-by-design features and services by working alongside product managers and engineers during the design phase of projects, including Generative AI projects.
  • Assist with third-party security assessments and penetration tests of Hinge Health web applications, API endpoints, and mobile applications, including interpretation of results and verification of remediations.
  • Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards.
  • 3+ years of experience in application security, product security, or related security engineering roles
  • Experience securing web applications, mobile applications (iOS/Android), or API endpoints
  • Experience with automated security testing, including configuring and automating security scans as part of the CI/CD process, and interpreting the results and working directly with engineers on prioritization and remediation.
  • Experience examining source code in multiple languages to evaluate security controls and identify common coding and design vulnerabilities.
  • Experience with OWASP Top 10 and other common security flaw patterns.
  • Demonstrated ability to collaborate with engineering and product teams to address security concerns.
  • Experience securing healthcare applications, protecting ePHI, and working under HIPAA/HITECH regulations.
  • Experience with modern authentication and authorization technologies including OAuth 2.0, OIDC, SAML, JWT validation, SSO integrations, MFA/OTP implementations, API tokens, and identity platforms such as Auth0 or Okta.
  • Understanding of session management, refresh tokens, and secure authentication flows for B2C, B2B, and M2M use cases.
  • Experience assessing the security and safety of Generative AI (LLM) solutions, and evaluating and implementing solutions for their continuous monitoring.
  • Familiarity with HITRUST CSF and NIST control frameworks.
  • Experience in Threat Modeling
  • Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth
  • Experience with any of the following: deploying web-based services on AWS infrastructure, Kubernetes, TypeScript, React Native, Python, Go, Ruby on Rails, GraphQL, or IaC using Terraform.
  • Incident handling: act as a subject matter expert on the security controls, internal communications, and infrastructure of Hinge Health applications during security incidents.
  • Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.
  • Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match.
  • Modern life stipends: Manage your own learning and development
© 2024 Teal Labs, Inc