Healthie is the world’s leading API-first, ONC-Certified EHR for healthcare delivery outside of the hospital. They are seeking a Senior/Staff Application Security Engineer to safeguard the application layer and drive security best practices across the engineering organization.
Responsibilities:
- Design and implement secure coding standards and tooling for application-layer security
- Conduct threat modeling and secure design reviews; manage the ethical hacker (bug bounty) program and triage third-party vulnerability reports
- Lead regular code reviews, internal audits, and dynamic/static analysis efforts
- Perform internal penetration tests against Healthie's applications and APIs
- Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows
- Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security
- Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely
- Build incident response playbooks for application-layer threats and support security investigations
- Help build and promote a security champions program
- Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective
Requirements:
- 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
- Deep understanding of web application security, secure architecture patterns, and common vulnerability classes (e.g., the OWASP Top 10), plus familiarity with frameworks such as the CIS Controls and SANS Secure Coding Practices
- Strong background in secure software development practices, particularly in stacks built on GraphQL, Ruby on Rails, React, or similar web technologies
- Experience with DevSecOps practices and security tooling
- Experience building or maturing application-layer security programs, policies, or guidelines
- Comfortable working across cross-functional teams and influencing security decisions without formal authority
- You are mission-driven, passionate about healthcare, and motivated to build systems that improve patient safety and data integrity
- Experience with healthcare-specific security practices and compliance audits (e.g., SOC 2, HIPAA)