SimplePractice · 1 hour ago

Director of Application Security

SimplePractice is a leading practice management platform for health & wellness professionals. We are seeking a strategic and experienced Director of Application Security to lead, build, and scale our Application Security program across the entire organization.

Health Care · SaaS · Software
H1B Sponsor Likely

Responsibilities

Define, communicate, and execute the long-term vision, strategy, and roadmap for the Application Security program, aligning it with business objectives and regulatory requirements (e.g., HIPAA, HITRUST, PCI)
Act as player/coach for our Application Security team, fostering a culture of ownership, continuous improvement, and deep technical partnership with engineering
Develop and manage the Application Security budget, selecting and overseeing the deployment of essential security tools and technologies (SAST, DAST, SCA, IAST, etc.)
Drive the adoption of secure development practices, secure coding standards, and security design principles across all product and engineering teams
Serve as the primary subject matter expert for application security across the organization, advising C-level and senior leadership on risks and mitigation strategies
Oversee and guide the application security architecture process, ensuring security is built into the design of web applications, APIs, and microservices from the ground up
Establish and formalize the application-level threat modeling program to proactively identify and prioritize risks across the product portfolio
Develop comprehensive metrics and reporting to track the organization's application security posture, vulnerability remediation progress, and program effectiveness for executive review
Lead the application-focused incident response strategy, ensuring effective communication, root cause analysis, and the implementation of robust preventative controls post-incident
Lead threat modeling efforts for our AI product suite
Define and enforce the security standards and controls specifically tailored for our existing and emerging AI/ML features, including agentic AI solutions, to mitigate risks such as prompt injection, model poisoning, and data leakage
Collaborate closely with Data Science and Engineering teams to integrate MLOps security practices (SecMLOps), ensuring secure data handling, model integrity verification, and secure deployment pipelines for all AI components
Implement and manage security testing methodologies (e.g., adversarial testing, data drift monitoring) specific to machine learning models and related APIs
Partner with legal and compliance teams to ensure ethical and secure use of AI, ensuring compliance with relevant security, privacy, and regulatory requirements specific to AI/ML applications in healthcare
Champion DevSecOps principles, overseeing the integration of automated security testing and controls directly into CI/CD pipelines and engineering workflows
Partner with engineering leadership to implement tooling and educational initiatives that enable developers to efficiently write and deploy secure code at scale in the age of AI
Ensure the Application Security program meets all applicable regulatory and contractual obligations (e.g., HIPAA, HITRUST, PCI)
Oversee third-party vendor security assessments, focusing on the security and data protection posture of integrated applications and services
Act as the key liaison for all application security matters during customer security reviews, regulatory audits, and compliance activities

Qualifications

Application Security Strategy · Security Automation · Threat Modeling · Compliance Frameworks · Cloud Technologies · DevSecOps Principles · Leadership Skills · Interpersonal Skills · Communication Skills · Mentoring Skills · Problem Solving

Required

8+ years of experience in Information Security, with at least 3+ years in a senior or leadership role establishing and running a modern Application Security program
Proven ability to define, communicate, and execute a multi-year Application Security strategy and roadmap
Demonstrated experience managing or mentoring security engineers and growing technical teams
Deep technical understanding of application security architectures, secure development lifecycles (SDLC), and modern security automation/DevSecOps practices
Expertise in common application vulnerabilities and threat modeling methodologies
Demonstrated experience managing security in a regulated environment (e.g., healthcare, finance), with deep knowledge of compliance frameworks like HIPAA, HITRUST, PCI
Strong background with cloud technologies (AWS, GCP, or Azure), containerization (Docker/Kubernetes), and serverless architectures
Exceptional leadership, communication, and interpersonal skills, with the ability to influence technical and non-technical stakeholders up to the executive level

Preferred

Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field
Relevant industry certification (e.g., CISSP, CSSLP, CISM)
Direct experience leading Application Security efforts in the healthcare technology sector
Experience selecting, negotiating, and managing complex third-party application security tools (SAST/DAST/SCA)
Experience with building security into AI security products

Benefits

Medical, dental, vision, life & disability insurance
401(k) plan with company match
Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
Mental health resources
Paid parental leave & Backup Care
Tuition reimbursement
Employee Resource Groups (ERGs)

Company

SimplePractice

Cloud-based Practice Management Software for Health Professionals.

H1B Sponsorship

SimplePractice has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship (chart; highlighted segment represents job fields similar to this job)

Trends of Total Sponsorships (sponsorships per year):
2025: 9
2024: 9
2023: 6
2022: 7
2021: 3
2020: 2

Funding

Current Stage
Late Stage

Leadership Team

Ralph Zimmermann
Founder | Advisor
Company data provided by crunchbase