XiFin, Inc. · 17 hours ago
Sr. Applications Security Engineer
XiFin, Inc. is committed to transforming healthcare through technology and AI. The Sr. Applications Security Engineer will serve as a key security partner for product, engineering, and DevOps teams, embedding security requirements into all development activities and managing security processes to ensure compliance and risk mitigation.
Medical Device, Enterprise Software, Healthcare, Software, Information Technology, Health Care, Health Diagnostics
Responsibilities
Serve as a key security partner for product, engineering, and DevOps teams to embed security requirements into design, development, and release activities, supporting secure-by-design and secure-by-default outcomes across the SDLC
Serve as the application security subject matter expert in formal change and release review processes, ensuring security requirements are defined, reviewed, and enforced prior to production deployment
Drive proactive risk identification and mitigation by leading threat modeling workshops and architectural risk assessments to inform secure design decisions and reduce systemic vulnerabilities
Contribute to and influence the evolution of application security strategy, standards, and metrics to support continuous maturity improvement and measurable outcomes within the secure development program
Own the operational effectiveness and continuous improvement of automated application security tooling and CI/CD pipeline integrations (e.g., SAST, DAST, SCA, security checks) to enable scalable, repeatable secure software development practices
Lead and coordinate internal and third-party penetration testing and dynamic security assessments, ensuring vulnerabilities are identified, validated, prioritized, and communicated to support remediation and risk reduction
Lead the development and delivery of application security policies, standards, training, and developer mentoring to strengthen secure coding practices and organizational security awareness
Ensure application security requirements are validated against recognized frameworks and standards (e.g., OWASP ASVS, NIST guidance, CWE), including documented security impact analysis for architectural and design changes
Perform security-focused code reviews and third-party software assessments to identify vulnerabilities, insecure patterns, and supply chain risks in accordance with secure acquisition and reuse practices
Communicate application security risks, vulnerabilities, and remediation status to technical and business stakeholders in a clear, timely, and actionable manner to support informed, risk-based decision making
Qualifications
Required
Bachelor's degree in Computer Science or a relevant field
Deep experience with secure SDLC practices, integrating security into design, development, and release processes
Practical threat modeling skills, including running or contributing to design reviews and identifying architectural risks in complex systems
Proficiency in security-focused code review across at least one major stack (for example Java, .NET, JavaScript/TypeScript, Python) and ability to spot insecure patterns
Hands-on experience with application security testing tools and techniques, including SAST, DAST, and manual web/API testing
Effective communication and collaboration skills to influence product and engineering teams, lead training, and be the application security subject matter expert
Strong attention to detail while balancing multiple priorities
Ability to adapt well in a fast-paced, evolving healthcare environment
Preferred
Advanced degree a plus
Benefits
Comprehensive health benefits including medical, dental, vision, and telehealth
401(k) with company match and personalized financial coaching to support your financial future
Health Savings Account (HSA) with company contributions
Wellness incentives that reward your preventative healthcare activities
Tuition assistance to support your education and growth
Flexible time off and company-paid holidays
Social and fun events to build community at our locations!
Company
XiFin, Inc.
XiFin is a healthcare information technology company that empowers healthcare organizations to navigate an increasingly complex and evolving healthcare landscape.
H1B Sponsorship
XiFin, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (6)
2024 (6)
2023 (8)
2022 (6)
2021 (6)
2020 (5)
Funding
Current Stage: Late Stage
Total Funding: $8M
Key Investors: Goldman Sachs, Windward Ventures
2025-09-03: Series Unknown
2014-07-30: Acquired
2006-09-11: Series D · $2M
Company data provided by crunchbase