First Stop Health is on a mission to deliver affordable, delightful healthcare for all through connected virtual care solutions. They are seeking a Security Engineer to design, implement, and maintain security controls across the organization while partnering with various teams to strengthen security posture and support secure business operations.
Responsibilities:
- Lead application security initiatives including architecture reviews, threat modeling, code reviews, and penetration testing coordination
- Integrate security controls and testing into the SDLC and CI/CD pipelines
- Partner with development teams to remediate vulnerabilities and improve secure coding practices
- Champion secure design principles across web, mobile, API, and cloud-native applications
- Support implementation and operation of security testing tools including SAST, DAST, SCA, and secrets detection
- Perform and facilitate threat modeling exercises with development teams to identify potential attack vectors and prioritize risks
- Conduct risk assessments and provide actionable guidance to reduce application-level security risk
- Communicate risk findings clearly, balancing technical detail with business impact
- Design, implement, and maintain security controls across cloud, infrastructure, applications, and enterprise systems
- Participate in security architecture reviews and provide recommendations for risk reduction
- Evaluate and implement security technologies that improve organizational security posture
- Support identity and access management initiatives, including authentication, authorization, and privileged access controls
- Assess cloud environments for security risks and recommend remediation strategies
- Support cloud security initiatives including identity management, logging, monitoring, network security, and workload protection
- Identify, assess, prioritize, and track remediation of security vulnerabilities across applications, cloud environments, endpoints, and infrastructure
- Partner with system owners and engineering teams to ensure timely remediation of identified risks
- Assist with security investigations, incident response activities, and post-incident reviews
- Collaborate with security operations personnel to improve detection and response capabilities
- Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing
- Perform and oversee code reviews to identify security vulnerabilities and design flaws
- Lead and coordinate penetration testing engagements, including scoping, execution, remediation validation, and reporting
- Serve as a trusted security advisor to internal teams, providing expert guidance on secure design, implementation, and remediation
- Develop and deliver security training and awareness content for developers and technical stakeholders
- Contribute to security documentation, standards, and internal knowledge bases
- Monitor relevant threat intelligence sources related to application and software supply chain risks
- Analyze emerging threats and vulnerabilities and communicate relevant findings to the Information Security team and other stakeholders
- Recommend enhancements to application security controls and practices based on evolving threats and industry trends
Requirements:
- Bachelor's degree or equivalent practical experience
- 5-8 years of experience in cybersecurity, information security, cloud security, application security, infrastructure engineering, or related technical disciplines
- Strong understanding of security principles across applications, cloud platforms, infrastructure, networks, and enterprise systems
- Strong experience performing security assessments and risk evaluations across applications, cloud platforms, and infrastructure
- Knowledge of security frameworks and standards such as NIST CSF, CIS Controls, OWASP, ISO 27001, and HIPAA
- Experience with vulnerability management and remediation processes
- Familiarity with security monitoring, incident response, and threat detection concepts
- Experience working in AWS and Azure environments
- Strong understanding of authentication, authorization, encryption, and identity management concepts
- Excellent communication and stakeholder management skills
- Strong application security experience including threat modeling, secure code review, penetration testing coordination, and secure SDLC practices
- Experience with SAST, DAST, SCA, container security, and software supply chain security tools
- Familiarity with DevSecOps practices and CI/CD security integrations
- Experience with security tooling such as SIEM, EDR, CSPM, IAM, and vulnerability management platforms
- Preferred: Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP), etc.