Senior Software Engineer, Security

NexHealth•Seattle, WA

17h

About The Position

Our healthcare system remains frustratingly analog. When you live in a world of one-tap car rides, instant meal delivery, and unlimited streaming, why do you still have to call to schedule a doctor’s appointment and fill out a clipboard in the waiting room? NexHealth’s mission is to accelerate innovation in healthcare by connecting patients, providers, and developers. We’re building the infrastructure layer for modern healthcare, connecting thousands of fragmented, on-premise, and closed EHR systems into a single, modern platform that powers software, APIs, payments, and patient experiences across the ecosystem. Founded: 2017 Headquarters: San Francisco, CA Funding: $177M Series C Employees: 200+ Trusted by tens of thousands of providers and hundreds of health-tech developers — forging the infrastructure layer that modern healthcare needs. We're hiring a Senior Software Engineer, Security to own application security across our product platform — APIs, integrations, payments infrastructure, and the developer ecosystem built on top of our Synchronizer. This is a hands-on engineering role, not a compliance or audit function. You'll write code, design secure systems, review architecture, and embed security into the way we build — working directly alongside product engineering teams from the earliest stages of design. Data is at the center of everything we do, which means the security bar here is high and the work is meaningful. Moreover as a health tech company, we have the highest levels of responsibility towards safeguarding patient and customer data across all the facilities and services NexHealth provides. You'll report to engineering leadership and work closely with both product and platform teams.

Requirements

5+ years of software engineering experience, with 1–3+ years focused on application or product security
Experience building and securing backend systems in Python, Go, Java, or similar languages
Solid understanding of common vulnerabilities and mitigations (OWASP Top 10 and beyond)
Hands-on experience securing APIs and implementing authentication/authorization systems (OAuth 2.0, JWT, RBAC)
Experience working in cloud environments — we run on AWS and Google Cloud
Familiarity with security tooling: SAST, DAST, dependency scanning
Bachelor's degree in Computer Science, Engineering, or equivalent practical experience

Responsibilities

Design and build secure systems across our APIs, EHR integrations, payments infrastructure, and SaaS products
Lead threat modeling and security design reviews for new features — embedded in the development process, not bolted on at the end
Identify and remediate vulnerabilities in application code, dependencies, and infrastructure
Improve authentication, authorization, and access control systems across our platform (OAuth, RBAC, service-to-service auth)
Integrate and maintain security tooling in our CI/CD pipelines — SAST, DAST, dependency scanning
Contribute to secure coding standards, internal libraries, and developer-facing security frameworks
Support HIPAA and SOC 2 compliance through strong system design and documentation
Help raise the security bar across the engineering org through code reviews, education, and pairing with developers