Healthie

Senior Engineer, App Security

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Healthcare Technology, SaaS

Our Mission

Healthie powers virtual-first care delivery while improving access to healthcare and enabling better healthcare outcomes through technology. We build infrastructure that all healthcare organizations need to perform virtual-first care. Between our EHR, scheduling, and patient engagement solutions, Healthie’s API-first approach makes it easy for organizations of every size to build, customize, and scale their business. Today, we power thousands of organizations ranging from small private practices, to digital health startups and multi-billion-dollar healthcare companies. Leveraging Healthie, our customers deliver care to millions of patients, across the full spectrum of healthcare services—from preventative health and wellness to complex chronic care management. We believe that the future of healthcare delivery is virtual-first, longitudinal, and collaborative.

About the Role

We are hiring a Senior Application Security Engineer to join our Platform Engineering team at Healthie! In this role, you will serve as a security and technical contributor, responsible for safeguarding our application layer and driving security best practices across the engineering organization. You’ll partner closely with platform, infrastructure and core engineering teams to design secure-by-default systems, embed security into our SDLC, and proactively identify and remediate vulnerabilities in our code and cloud infrastructure. This is a hands-on role, ideal for someone who is excited to contribute to security programs in a fast-moving startup environment and help shape the future of security at Healthie. As our first dedicated AppSec hire, you’ll have the opportunity to continue to refine our secure development lifecycle, influence architectural decisions, and champion a culture of security awareness across the company. If you're passionate about building impactful systems, driving innovation, and making a difference in healthcare — we’d love to hear from you.

Details, Details

  • This is a full-time, remote position located in the United States
  • The base salary for this role is $180,000-$200,000 per year, plus equity, company bonus, and benefits
  • U.S. work authorization is required and Healthie does not provide sponsorship.

What You'll Do

  • Design and implement secure coding standards and tooling for application-layer security
  • Conduct threat modeling and secure design reviews; manage ethical hacker program and third-party vulnerability reports
  • Lead regular code reviews, internal audits, and dynamic/static analysis efforts
  • Proficient at performing internal pentests
  • Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows
  • Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security
  • Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely
  • Build incident response playbooks for application-layer threats and support security investigations
  • Help build and promote a security champions program
  • Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective

About You

  • 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
  • Deep understanding of web application security, secure architecture patterns, and common vulnerabilities (e.g., OWASP Top 10, CIS controls, SANS Secure Coding Practices, etc.)
  • Strong background in secure software development practices, particularly in GraphQL, Ruby on Rails, React, or similar web frameworks
  • Experience with DevSecOps practices and security tooling
  • Experience building or maturing application-layer security programs, policies, or guidelines
  • Comfortable working across cross-functional teams and influencing security

Skills

Application Security
SDLC
Vulnerability Management
Cloud Infrastructure Security
Security Best Practices
API Security
Secure System Design

Healthie

Cloud-based EHR for wellness professionals

About Healthie

Healthie provides a software platform that helps wellness and healthcare professionals, such as nutritionists and therapists, manage their practices more effectively. The platform includes a cloud-based Electronic Health Record (EHR) system that simplifies administrative tasks like note-taking, client tracking, and e-faxing, allowing practitioners to focus on client care. Healthie operates on a subscription model, offering different tiers of service that scale with the needs of its users. This approach ensures that practitioners can access the tools they need without the hassle of physical installations, as everything is accessible online. Healthie stands out from competitors by ensuring compliance with major data protection regulations, providing a secure environment for sensitive information. The company's goal is to reduce the time spent on administrative work, enabling wellness professionals to grow their businesses and enhance client engagement.

Headquarters: New York City, New York
Year Founded: 2016
Total Funding: $40M
Company Stage: Series B
Industries: Enterprise Software, Healthcare
Employees: 51-200

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
401(k) Company Match
Paid Vacation
Paid Sick Leave
Paid Holidays
Parental Leave
Fertility Treatment Support
Wellness Program
Mental Health Support
Home Office Stipend
Flexible Work Hours
Remote Work Options
Hybrid Work Options

Risks

Increased competition from AI-powered tools like Verbal could pressure Healthie to innovate.
Rapid telehealth adoption may lead to market saturation, challenging differentiation.
Subscription-based revenue model could be risky during economic downturns.

Differentiation

Healthie offers a fully brandable suite of solutions for digital health organizations.
The platform is API-first, enabling seamless integration with other healthcare tools.
Healthie is HIPAA Compliant and SOC-2 Certified, ensuring top-grade security for data.

Upsides

Healthie raised $23M in Series B funding to accelerate product innovation.
Integration with Verbal AI reduces administrative workload and enhances compliance.
Partnership with OhMD improves patient communication through HIPAA-compliant text messaging.
