Healthie

Senior Engineer, App Security

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Healthcare Technology, SaaS

Requirements

Candidates should have 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments. A deep understanding of web application security, secure architecture patterns, and common vulnerabilities like the OWASP Top 10 is required. Strong background in secure software development practices, particularly with GraphQL, Ruby on Rails, React, or similar web frameworks, is necessary. Experience with DevSecOps practices, security tooling, and building or maturing application-layer security programs, policies, or guidelines is also needed. Comfort working across cross-functional teams and influencing security is essential.

Responsibilities

The Senior Application Security Engineer will design and implement secure coding standards and tooling for application-layer security. They will conduct threat modeling and secure design reviews, manage the ethical hacker program, and handle third-party vulnerability reports. Responsibilities include leading regular code reviews, internal audits, and SAST/DAST efforts, performing internal pentests, and contributing to the definition and design of Healthie’s secure development lifecycle. The role involves administering and configuring security testing tools like Semgrep, partnering with teams to triage and remediate vulnerabilities, building incident response playbooks, supporting security investigations, and helping build a security champions program. Additionally, the engineer will ensure compliance with relevant standards such as HIPAA, SOC 2, and GDPR from a software security perspective.

Skills

Application Security
SDLC
Vulnerability Management
Cloud Infrastructure Security
Security Best Practices
API Security
Secure System Design

Healthie

Cloud-based EHR for wellness professionals

About Healthie

Healthie provides a software platform that helps wellness and healthcare professionals, such as nutritionists and therapists, manage their practices more effectively. The platform includes a cloud-based Electronic Health Record (EHR) system that simplifies administrative tasks like note-taking, client tracking, and e-faxing, allowing practitioners to focus on client care. Healthie operates on a subscription model, offering different tiers of service that scale with the needs of its users. This approach ensures that practitioners can access the tools they need without the hassle of physical installations, as everything is accessible online. Healthie stands out from competitors by ensuring compliance with major data protection regulations, providing a secure environment for sensitive information. The company's goal is to reduce the time spent on administrative work, enabling wellness professionals to grow their businesses and enhance client engagement.

Headquarters: New York City, New York
Year Founded: 2016
Total Funding: $40M
Company Stage: Series B
Industries: Enterprise Software, Healthcare
Employees: 51-200

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
401(k) Company Match
Paid Vacation
Paid Sick Leave
Paid Holidays
Parental Leave
Fertility Treatment Support
Wellness Program
Mental Health Support
Home Office Stipend
Flexible Work Hours
Remote Work Options
Hybrid Work Options

Risks

Increased competition from AI-powered tools like Verbal could pressure Healthie to innovate.
Rapid telehealth adoption may lead to market saturation, challenging differentiation.
Subscription-based revenue model could be risky during economic downturns.

Differentiation

Healthie offers a fully brandable suite of solutions for digital health organizations.
The platform is API-first, enabling seamless integration with other healthcare tools.
Healthie is HIPAA Compliant and SOC-2 Certified, ensuring top-grade security for data.

Upsides

Healthie raised $23M in Series B funding to accelerate product innovation.
Integration with Verbal AI reduces administrative workload and enhances compliance.
Partnership with OhMD improves patient communication through HIPAA-compliant text messaging.
