Twin Health is a company focused on improving and preventing chronic metabolic diseases through AI Digital Twin technology. They are seeking a highly motivated Application Security Engineer to build and manage application and cloud security capabilities, ensuring the security of Twin Health’s systems and products as the company scales globally.
Responsibilities:
- Design, implement, and manage application and cloud security tooling across AWS, including Security Hub, GuardDuty, Macie, Inspector, and related automation
- Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams to enhance visibility and remediation workflows
- Manage secure code scanning processes, integrating SAST (Static Analysis) and DAST (Dynamic Analysis) using Sonar Cloud to identify and remediate vulnerabilities early in the SDLC
- Develop automated pipelines and playbooks for vulnerability triage, remediation tracking, and reporting of metrics (MTTD, MTTR)
- Partner with software engineering teams to embed security into CI/CD pipelines and promote secure coding practices
- Collaborate with the Security, IT, and GRC teams to ensure alignment with SOC 2, HIPAA, and SOX controls
- Contribute to threat modeling, code review, and incident response related to application vulnerabilities
- Evaluate and implement new security tools and processes to enhance the overall application security posture
- Support vendor risk assessments and penetration testing efforts related to application components
- Create and maintain security documentation, architecture diagrams, and operational runbooks
- Participate in on-call rotations as part of the broader security operations program
- Other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 1-3+ years of experience in Application Security, DevSecOps, or Cloud Security Engineering roles
- Hands-on experience with AWS security services (Security Hub, GuardDuty, Inspector, Macie, IAM, KMS)
- Familiarity with Wiz or similar CSPM platforms
- Proven experience integrating SAST/DAST tools (e.g., Sonar Cloud, Veracode, Snyk, Checkmarx, Burp Suite, etc.) into CI/CD pipelines
- Familiarity with Docker, K8S, and microservices-based architectures
- Experience with WAF, endpoint security, and IAM
- Strong understanding of secure software development lifecycle (SSDLC) and common vulnerabilities (OWASP Top 10, CWE, CVSS)
- Proficiency in at least one scripting or automation language (Python, Bash, or similar)
- Proficiency in Java
- Knowledge of threat modeling, code review, and cloud infrastructure security best practices
- Excellent collaboration and communication skills with both technical and non-technical stakeholders
- Experience with compliance frameworks such as SOC 2, HIPAA, or HITRUST is a plus
- Experience working in a high-growth or regulated environment is preferred