This position is posted by Jobgether on behalf of Healthie. We are currently looking for a Senior Engineer, App Security in the United States.
This is a high-impact, fully remote role where you’ll serve as the first dedicated AppSec expert within a growing engineering organization. You'll lead the effort to embed security into every layer of the software development lifecycle—helping shape secure architecture, building robust standards, and driving a culture of proactive security across cross-functional teams. This position blends hands-on application security engineering with strategic influence, offering you the opportunity to lay the foundation for secure coding practices that scale. If you're energized by fast-moving environments and care deeply about patient safety and data integrity, this role offers a rare chance to make a tangible difference in healthcare technology.
Accountabilities
- Define and implement secure coding standards and tooling to proactively mitigate application-layer risks.
- Lead secure design reviews, internal audits, and threat modeling exercises.
- Manage and triage vulnerability reports from ethical hackers and third-party disclosures.
- Perform internal penetration testing and static/dynamic code analysis.
- Design and evolve the secure software development lifecycle (S-SDLC) and integrate security into CI/CD workflows.
- Administer security tools like Semgrep and other SAST/DAST solutions.
- Partner with engineering and product teams to remediate vulnerabilities rapidly and safely.
- Develop incident response playbooks for application-layer threats and support investigations.
- Champion a company-wide security awareness program and develop a security champions network.
- Ensure alignment with regulatory standards like HIPAA, SOC 2, and GDPR from a software security standpoint.
Requirements
- 5+ years of experience in application or product security roles, ideally within fast-paced, cloud-native environments.
- Deep knowledge of web application security principles, secure design patterns, and common vulnerabilities (e.g., OWASP Top 10, SANS/CIS standards).
- Strong hands-on experience with modern development stacks—especially GraphQL, Ruby on Rails, and React.
- Familiarity with DevSecOps workflows and integration of security tooling in CI/CD pipelines.
- Proven track record of building or scaling application-layer security programs.
- Ability to collaborate across teams, communicate technical risks clearly, and influence without formal authority.
- Mission-driven, with a passion for improving healthcare systems and protecting patient data.
- Bonus: Experience in healthcare compliance (HIPAA, SOC 2 audits) is a strong plus.
- Must be located in the U.S. and authorized to work without sponsorship.
Benefits
- Base salary of $180,000–$200,000 per year
- Equity and company performance bonus
- Fully remote work from anywhere in the U.S.
- Comprehensive health, dental, and vision insurance
- Generous paid time off and parental leave
- Support for home office setup
- Mission-driven team with a collaborative, inclusive culture
- Opportunity to shape the future of security in a high-growth, high-impact environment
Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.
When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.
The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role.
Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team.
Thank you for your interest!