Application Security Engineer
Application Security Engineer
At Patientco, we are building the future of healthcare payments. Our technology is helping create a better payment experience for patients and in turn, providing incredible value to healthcare providers across the U.S. Whether you are customer facing or working diligently behind the scenes, everyone at Patientco plays a vital role in improving the healthcare experience of millions of people. It’s a big job, but we wouldn’t have it any other way!
As the Application Security Engineer you will be an integral part of the Engineering Team working directly with the Site Reliability and Security team as well as all developers and product managers to ensure that Patientco uses the best security practices for application development. You should have a passion for learning the latest in security and compliance practices because you will be responsible for building and operating the system that detects, prevents, and stops cyber threats targeting the healthcare, payment, and financial data in our SaaS platform.
Does that sound like you? Read on!
- BS degree (or comparable experience) with 3+ years in hands on software development
- Experience in Web Development/Full Stack development
- Experience performing security based code reviews
- In-depth knowledge of systems and security including cryptography, authentication protocols, intrusion detection systems, firewalls and VPNs
- History finding bugs and security flaws in all system layers to minimize risk within an organization
- Strong sense of curiosity
- Strong communication skills and willingness to proactively collaborate and effectively explain security concepts and technologies
- Ongoing excitement to learn, grow and improve
- Ability to use inductive reasoning, think analytically, and to confidently make decisions under time pressure
- Strong work ethic and ‘team-player’ mentality
- Strong organization and self-motivation
Bonus Points for
- Experience with cloud infrastructure providers, specifically AWS and Google Cloud
- Experience with modern container orchestration, specifically Kubernetes
- Hands-on experience with security tools such as Snyk, Claire, or Twistlock
- Define, maintain and implement application security best practices
- Create secure design patterns and execute training and awareness to engineering team
- Conduct architecture reviews and white box security testing to assess and validate application security
- Run security bounty programs (like HackerOne) and act as the lead engineer for formal penetration tests
- Explain and demonstrate vulnerabilities to application/system owners, provide recommendations for mitigation, and design solution prototypes and/or implement security enhancements
- Investigate incidents and lead response efforts while identifying methods to improve using modern security techniques like fuzzing, etc.
- Participate in building and maturing security engineering and operations
- Work with Product and Engineering teams to review new features from a security perspective
- Integrate security best practices and tooling into our CI/CD process, combining security with velocity.
We are a team at Patientco and that’s not just some corporate mumbo jumbo. We expect a ton out of everyone here but that’s what makes it great. The whole is far greater than the sum of its parts. We value excellent communication and collaboration skills, creative problem solving, empathy, open mindedness, extreme attention to detail, a healthy dose of grit and a good sense of humor.
We take care of our own at Patientco. Some of the highlights include our infamous “Free Food Fridays”, casual dress code, no vacation tracking, monthly social events, and of course a full benefits package including health/dental/vision/401k. Bottom line: it’s a great place to work!