Lead Security Engineer jobs in United States

Charlie Health · 2 hours ago

Lead Security Engineer

Charlie Health is a company focused on improving access to behavioral healthcare. They are seeking a Lead Security Engineer to enhance secure development practices across the software development lifecycle and ensure the creation of secure, HIPAA-compliant software solutions.

Health Care

Responsibilities

Collaborate with product and IT engineering teams to design secure applications and features
Educate developers on secure coding practices and security testing
Serve as a subject matter expert on internal application security and SDLC controls
Conduct code reviews, threat models and risk assessments to identify and mitigate vulnerabilities early
Perform internal penetration testing and support incident response for application-level issues
Continuously monitor the threat landscape to proactively adjust defenses and strategies
Develop and implement tools and frameworks to integrate security into CI/CD pipelines
Work with teams to build and enforce secure SDLC controls in a fast-paced agile environment
Own and enhance application vulnerability management and remediation processes
Lead implementation of security policies, standards and remediation processes
Work cross-functionally to balance security risks with business objectives and product timelines
Participate in security incident response, forensic investigations and security incident postmortems related to applications and systems

Qualification

Application security, Secure software development, Secure coding practices, Application security tools, CI/CD pipelines, Web application vulnerabilities, Authentication technologies, Communication skills, Team collaboration, Problem-solving

Required

5+ years of experience in application security, secure software development, or related roles
Bachelor's degree in Computer Science or related field, or equivalent experience
Proficiency in secure coding practices and languages such as TypeScript, Node, Python, Java, C++ or similar
Ability to contribute code changes to production applications as needed, including debugging, fixing security vulnerabilities, and collaborating with engineering teams on secure feature development
Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, Fiddler)
Deep understanding of web application vulnerabilities: XSS, CSRF, SQLi, session management, etc.
Experience implementing security in CI/CD pipelines (such as GitHub Actions) and agile development workflows
Familiarity with management and deployment of SAST, DAST, and SCA tooling
Knowledge of authentication technologies (e.g., Auth0, Okta) and how to securely integrate them with applications
Strong communication skills with ability to clearly articulate risk to technical and non-technical audiences

Preferred

Experience with HIPAA and securing applications in healthcare environments
OSCP, OSWE or other relevant security certifications
Experience securing custom software collaboratively on a team
Familiarity with AWS cloud platform
Experience contributing to or managing bug bounty programs
Knowledge of security standards such as SOC2, ISO 27001/2, NIST 800-53, HITRUST, or HIPAA Security Rule
Ability to write proof-of-concept exploits and perform advanced security analysis

Benefits

Comprehensive benefits
Stock options

Company

Charlie Health

Virtual behavioral health clinic for high acuity youth

Funding

Current Stage: Late Stage
Total Funding: $0.85M
2020-06-04 · Seed · $0.85M

Leadership Team

Justin Weiss
Co-founder, Head of Corporate Strategy
Ellen Broxmeyer
Chief Compliance Officer
Company data provided by crunchbase