SimplePractice · 4 days ago
Application Security Engineer
SimplePractice is a leading practice management platform for health & wellness professionals. They are seeking a hands-on Application Security Engineer to enhance and safeguard their platform by integrating robust security practices into the software development lifecycle and contributing to the application security program.
Health Care · SaaS · Software
Responsibilities
Design, build, and implement secure solutions and automation to embed security testing and controls within the SDLC, serving as a hands-on expert in secure development practices
Partner with engineering teams to move from reactive security fixes to proactive, embedded security in their development workflows
Collaborate with product and engineering teams to perform security reviews, threat modeling, and design reviews for new features and architectural changes
Actively develop and contribute code to internal security tools, security testing frameworks (e.g., SAST, DAST, SCA), and defensive libraries to proactively identify and address vulnerabilities
Lead incident response for application-related security events, focusing on root cause analysis and implementing preventative controls
Integrate security capabilities directly into CI/CD pipelines and engineering workflows to automate vulnerability detection and remediation
Design and implement security architecture for web applications, APIs, and microservices, ensuring security by design
Develop secure coding standards, security patterns, and reusable components for application development and deployment
Conduct threat modeling across the application portfolio to identify and prioritize risks
Establish and maintain security controls for development, staging, and production environments
Translate application security strategies into actionable development plans and prototypes
Evaluate third-party components, libraries, and SaaS providers for security, compliance, and data protection
Assess emerging application security tools and technologies
Review cloud-based services and configurations for compliance and security posture
Partner with legal and compliance teams to ensure application security initiatives meet regulatory (e.g., HIPAA, HITECH) and contractual requirements
Implement and monitor controls for data privacy, integrity, and access management within the application layer
Develop metrics and reporting for the application security posture across engineering teams
Liaise with customers and auditors on SimplePractice’s approach to application security and compliance
Leverage automation to operationalize security and compliance workflows, continuously monitoring and improving our security posture
Qualifications
Required
5+ years of experience in information security, with recent focus on application security, secure SDLC, and partnership with engineering
Proven hands-on experience in designing, developing, and deploying security controls and automation, including expertise in code review, vulnerability remediation, and security testing
Strong background in security architecture and threat modeling for modern web applications and APIs
Strong bias towards automating security tasks and processes to scale the program
Demonstrated experience in implementing security controls within a regulated environment (e.g., healthcare, finance), with a strong emphasis on practical application and automation
Degree in Computer Science, Cybersecurity, or a related field
Demonstrated experience with serverless cloud technologies (e.g., Lambda, Cloud Run) and/or containerization and orchestration (e.g., Docker, Kubernetes)
Strong software development background with proficiency in Ruby, Python, Rust, Go, or similar languages, including experience with DevSecOps practices and tools such as Terraform, Git, and CI/CD pipelines
Understanding of healthcare compliance (HIPAA, HITECH) is highly desirable
Excellent analytical, problem-solving, and communication skills, especially the ability to explain security risks to engineering partners
Ability to work independently to learn new technologies, processes, and frameworks
Preferred
A "hands-on" security certification (SANS, OSCP, CSSLP, etc.)
Experience in healthcare or medical device security
Experience contributing to open-source security projects or developing internal application security tools/frameworks
Familiarity with security automation and orchestration platforms (e.g., SOAR) and their integration with application security tools
Benefits
Medical, dental, vision, life & disability insurance
401(k) plan with company match
Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
Mental health resources
Paid parental leave & Backup Care
Tuition reimbursement
Employee Resource Groups (ERGs)
Company
SimplePractice
Cloud-based Practice Management Software for Health Professionals.
H1B Sponsorship
SimplePractice has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (9)
2024 (9)
2023 (6)
2022 (7)
2021 (3)
2020 (2)
Funding
Current Stage
Late Stage
Recent News
2025-10-16
2025-08-08
Company data provided by Crunchbase