Sr. Applications Security Engineer

XIFIN, San Diego, CA
Onsite

About The Position

XiFin has a deep commitment to shifting left and empowering our engineering and DevOps teams to control their development process while designing in security and ensuring compliance with our security requirements. This high-level position is our application security evangelist: you will be the guide for our product, engineering and DevOps teams to build security into all of their activities and manage the security processes relating to our development and product activities. This position will be located at our offices in San Diego, CA.

Requirements

  • Have effective communication and collaboration skills to influence product and engineering teams, lead training, and be the application security subject matter expert.
  • Approach work with curiosity and ownership, proactively identifying opportunities to improve processes.
  • Enjoy building trusted relationships and partnering cross-functionally to solve complex problems.
  • Demonstrate strong attention to detail while balancing multiple priorities.
  • Adapt well in a fast-paced, evolving healthcare environment.
  • Bachelor’s degree in Computer Science or a relevant field.
  • Deep experience with secure SDLC practices, integrating security into design, development, and release processes.
  • Practical threat modeling skills, including running or contributing to design reviews and identifying architectural risks in complex systems.
  • Proficiency in security-focused code review across at least one major stack (for example Java, .NET, JavaScript/TypeScript, Python) and ability to spot insecure patterns.
  • Hands-on experience with application security testing tools and techniques, including SAST, DAST, and manual web/API testing.

Nice To Haves

  • Advanced degree a plus

Responsibilities

  • Serve as a key security partner for product, engineering, and DevOps teams to embed security requirements into design, development, and release activities, supporting secure by design and secure by default outcomes across the SDLC.
  • Serve as the application security subject matter expert in formal change and release review processes, ensuring security requirements are defined, reviewed, and enforced prior to production deployment.
  • Drive proactive risk identification and mitigation by leading threat modeling workshops and architectural risk assessments to inform secure design decisions and reduce systemic vulnerabilities.
  • Contribute to and influence the evolution of application security strategy, standards, and metrics to support continuous maturity improvement and measurable outcomes within the secure development program.
  • Own the operational effectiveness and continuous improvement of automated application security tooling and CI/CD pipeline integrations (e.g., SAST, DAST, SCA, security checks) to enable scalable, repeatable secure software development practices.
  • Lead and coordinate internal and third-party penetration testing and dynamic security assessments, ensuring vulnerabilities are identified, validated, prioritized, and communicated to support remediation and risk reduction.
  • Lead the development and delivery of application security policies, standards, training, and developer mentoring to strengthen secure coding practices and organizational security awareness.
  • Ensure application security requirements are validated against recognized frameworks and standards (e.g., OWASP ASVS, NIST guidance, CWE), including documented security impact analysis for architectural and design changes.
  • Perform security-focused code reviews and third-party software assessments to identify vulnerabilities, insecure patterns, and supply chain risks in accordance with secure acquisition and reuse practices.
  • Communicate application security risks, vulnerabilities, and remediation status to technical and business stakeholders in a clear, timely, and actionable manner to support informed risk-based decision making.

Benefits

  • Comprehensive health benefits including medical, dental, vision, and telehealth
  • 401(k) with company match and personalized financial coaching to support your financial future
  • Health Savings Account (HSA) with company contributions
  • Wellness incentives that reward your preventative healthcare activities
  • Tuition assistance to support your education and growth
  • Flexible time off and company-paid holidays
  • Social and fun events to build community at our locations!