Senior Security Engineer, Application Security
Trail of Bits
Full Time
Senior (5 to 8 years)
Candidates should have 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments. A deep understanding of web application security, secure architecture patterns, and common vulnerabilities like the OWASP Top 10 is required. Strong background in secure software development practices, particularly with GraphQL, Ruby on Rails, React, or similar web frameworks, is necessary. Experience with DevSecOps practices, security tooling, and building or maturing application-layer security programs, policies, or guidelines is also needed. Comfort working across cross-functional teams and influencing security is essential.
The Senior Application Security Engineer will design and implement secure coding standards and tooling for application-layer security. They will conduct threat modeling and secure design reviews, manage the ethical hacker program, and handle third-party vulnerability reports. Responsibilities include leading regular code reviews, internal audits, and SAST/DAST efforts, performing internal pentests, and contributing to the definition and design of Healthie’s secure development lifecycle. The role involves administering and configuring security testing tools like Semgrep, partnering with teams to triage and remediate vulnerabilities, building incident response playbooks, supporting security investigations, and helping build a security champions program. Additionally, the engineer will ensure compliance with relevant standards such as HIPAA, SOC 2, and GDPR from a software security perspective.
Cloud-based EHR for wellness professionals
Healthie provides a software platform that helps wellness and healthcare professionals, such as nutritionists and therapists, manage their practices more effectively. The platform includes a cloud-based Electronic Health Record (EHR) system that simplifies administrative tasks like note-taking, client tracking, and e-faxing, allowing practitioners to focus on client care. Healthie operates on a subscription model, offering different tiers of service that scale with the needs of its users. This approach ensures that practitioners can access the tools they need without the hassle of physical installations, as everything is accessible online. Healthie stands out from competitors by ensuring compliance with major data protection regulations, providing a secure environment for sensitive information. The company's goal is to reduce the time spent on administrative work, enabling wellness professionals to grow their businesses and enhance client engagement.