Elation Health is a clinical-first technology company dedicated to strengthening primary care. They are seeking an Associate Application Security Engineer to help secure their web applications, APIs, and patient-facing experiences, ensuring that security is integrated into their development processes.
Responsibilities:
- Assist with secure design and implementation reviews for new and existing features across web applications, APIs, and backend services
- Monitor, triage, and help remediate findings from security tooling
- Get familiar with our security technologies and processes
- Work with feature teams to understand exploitability, prioritize fixes, and track closure of vulnerabilities in alignment with internal SLAs
- Implement an enterprise security control and configure it for long-term observability
- You're assisting in applying key application security processes
- You're helping shape technical direction for secure, AI-native, product-critical services handling sensitive data
- You're supporting evidence collection for compliance audits
- You've built strong partnerships with product, support, infrastructure, and IT to help identify and triage vulnerabilities and quickly resolve issues
- The security improvements you've implemented are measurably reducing risk
- You're independently reviewing and triaging security alerts
Requirements:
- Experience securing web applications and APIs, including a strong grasp of common vulnerabilities (e.g., OWASP Top 10) and practical mitigations
- Hands-on experience with application security tooling (e.g., SAST, SCA, DAST, IaC/container scanning) and/or observability for security-relevant signals
- Ability to communicate complex security and technical problems clearly to both technical and non-technical audiences
- Exposure to secure SDLC practices such as threat modeling, security-focused design reviews, and vulnerability management
- Track record of delivering high-quality, pragmatic security outcomes in collaboration with product and engineering teams
- Enthusiasm for and interest in technology in general and securing systems
- Exposure to building or securing systems with AI/LLMs (e.g., OpenAI, Anthropic)
- Familiarity with OAuth2/OIDC, SSO, secure API design, and multi-tenant SaaS architectures
- Experience with coding languages such as Python and JavaScript
- Hands-on experience with security monitoring tooling (e.g., SIEM, IPS, WAF, SASE, Network Vulnerability Scanning) and/or observability for security-relevant signals
- Knowledge of the US healthcare industry, PHI/PII protection, and health tech