20h ago

Application Security Engineer

South San Francisco

$160k-$210k / year (est.)

full-time, senior, Hybrid, healthcare


💼 About This Role

You'll work hands-on with engineering teams to find and fix vulnerabilities and harden applications that handle sensitive patient data. Your work directly impacts major health systems like Cleveland Clinic and Duke.

🎯 What You'll Do

  • Perform secure code reviews, threat modeling, and security design reviews.
  • Automate and triage SAST, DAST, SCA, and secret scanning tools in CI/CD pipelines.
  • Work with engineering squads to fix security issues and track remediation.
  • Support third-party penetration tests and vulnerability management workflows.

📋 Requirements

  • 5+ years of experience in application security.
  • Production code experience in Python, Go, Java, or TypeScript.
  • Hands-on experience with threat modeling and secure code review.
  • Working knowledge of OWASP Top 10 and common vulnerability classes.

✨ Nice to Have

  • Experience in healthcare or health-tech with HIPAA Security Rule familiarity.
  • Exposure to compliance frameworks like SOC 2 Type II or HITRUST.
  • Relevant certifications such as OSCP, CSSLP, or CEH.

🎁 Benefits & Perks

  • 🏖️ Flexible PTO
  • 🏥 Expansive health/dental/vision coverage with 100% free options
  • 💰 Employer HSA contributions
  • 👶 Generous parental leave policy
  • 🏠 Home office stipend and cell/internet reimbursement