Senior Software Engineer, Security

NexHealth is a healthcare technology company focused on connecting patients, providers, and developers through modern infrastructure solutions. The Senior Software Engineer, Security will be responsible for application security across the product platform, ensuring secure systems are designed and built while collaborating with product engineering teams.

Responsibilities:

• Design and build secure systems across our APIs, EHR integrations, payments infrastructure, and SaaS products
• Lead threat modeling and security design reviews for new features — embedded in the development process, not bolted on at the end
• Identify and remediate vulnerabilities in application code, dependencies, and infrastructure
• Improve authentication, authorization, and access control systems across our platform (OAuth, RBAC, service-to-service auth)
• Integrate and maintain security tooling in our CI/CD pipelines — SAST, DAST, dependency scanning
• Contribute to secure coding standards, internal libraries, and developer-facing security frameworks
• Support HIPAA and SOC 2 compliance through strong system design and documentation
• Help raise the security bar across the engineering org through code reviews, education, and pairing with developers

Requirements:

• 5+ years of software engineering experience, with 1–3+ years focused on application or product security
• Experience building and securing backend systems in Python, Go, Java, or similar languages
• Solid understanding of common vulnerabilities and mitigations (OWASP Top 10 and beyond)
• Hands-on experience securing APIs and implementing authentication/authorization systems (OAuth 2.0, JWT, RBAC)
• Experience working in cloud environments — we run on AWS and Google Cloud
• Familiarity with security tooling: SAST, DAST, dependency scanning
• Bachelor's degree in Computer Science, Engineering, or equivalent practical experience