Senior Engineer, App Security jobs in United States

Healthie · 4 months ago

Senior Engineer, App Security

Healthie is the world’s leading API-first, ONC-Certified EHR for healthcare delivery outside of the hospital. They are seeking a Senior Application Security Engineer to join their Platform Engineering team, responsible for safeguarding the application layer and driving security best practices across the organization.

Electronic Health Record (EHR), Enterprise Software, Health Care, Nutrition, Software, Wellness
Diversity & Inclusion
No H1B

Responsibilities

Design and implement secure coding standards and tooling for application-layer security
Conduct threat modeling and secure design reviews; manage ethical hacker program and third-party vulnerability reports
Lead regular code reviews, internal audits, and dynamic/static analysis efforts
Proficient at performing internal pentests
Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows
Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security
Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely
Build incident response playbooks for application-layer threats and support security investigations
Help build and promote a security champions program
Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective

Qualification

Application security, Secure coding standards, Threat modeling, DevSecOps practices, Static/Dynamic analysis, Web application security, Security awareness, Healthcare compliance, Cross-functional collaboration

Required

5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
Deep understanding of web application security, secure architecture patterns, and common vulnerabilities (e.g., OWASP Top 10, CIS controls, SANS Secure Coding Practices, etc.)
Strong background in secure software development practices, particularly in GraphQL, Ruby on Rails, React, or similar web frameworks
Experience with DevSecOps practices and security tooling
Experience building or maturing application-layer security programs, policies, or guidelines
Comfortable working across cross-functional teams and influencing security decisions without formal authority
You are mission-driven, passionate about healthcare, and motivated to build systems that improve patient safety and data integrity

Preferred

Experience with healthcare-specific security practices and compliance audits (e.g., SOC 2, HIPAA)

Benefits

Equity
Company bonus
Benefits

Company

Healthie

Healthie offers infrastructure for next gen digital health companies that offer virtual-first care. API-First EHR & Client Engagement.

Funding

Current Stage
Growth Stage
Total Funding
$40.92M
Key Investors
TCV, Velvet Sea Ventures, Techstars
2024-10-15 · Series B · $23M
2022-07-19 · Series A · $16M
2017-01-23 · Seed · $1.8M

Leadership Team

Erica Jain
CEO
Cavan Klinsky
Co Founder/CTO
Company data provided by crunchbase