Charlie Health
Personalized mental health treatment for teens, young adults & families in crisis.
Lead Security Engineer
Location
United States
Posted
39 days ago
Salary
$180K - $240K / year
Bachelor Degree | 5 yrs exp | English | Java | Node.js | Python | SDLC | TypeScript
Job Description
• Partner closely with engineering and product teams to embed secure development practices across the entire software development lifecycle (SDLC).
• Be the subject matter expert on application security, guiding the business in building secure, scalable and HIPAA-compliant software solutions.
• Collaborate with product and IT engineering teams to design secure applications and features.
• Educate developers on secure coding practices and security testing.
• Conduct code reviews, threat models and risk assessments to identify and mitigate vulnerabilities early.
• Perform internal penetration testing and support incident response for application-level issues.
• Continuously monitor the threat landscape to proactively adjust defenses and strategies.
• Develop and implement tools and frameworks to integrate security into CI/CD pipelines.
• Work with teams to build and enforce secure SDLC controls in a fast-paced agile environment.
• Own and enhance application vulnerability management and remediation processes.
• Lead implementation of security policies, standards and remediation processes.
• Work cross-functionally to balance security risks with business objectives and product timelines.
• Participate in security incident response, forensic investigations and security incident postmortems related to applications and systems.
Job Requirements
- 5+ years of experience in application security, secure software development, or related roles.
- Bachelor’s degree in Computer Science or related field, or equivalent experience.
- Proficiency in secure coding practices and languages such as TypeScript, Node, Python, Java, C++ or similar.
- Ability to contribute code changes to production applications as needed, including debugging, fixing security vulnerabilities, and collaborating with engineering teams on secure feature development.
- Hands-on experience with application security tools (e.g., Burp Suite, OWASP ZAP, Fiddler).
- Deep understanding of web application vulnerabilities: XSS, CSRF, SQLi, session management, etc.
- Experience implementing security in CI/CD pipelines such as GitHub Actions and agile development workflows.
- Familiarity with management and deployment of SAST, DAST, and SCA tooling.
- Knowledge of authentication technologies (e.g., Auth0, Okta) and how to securely integrate them with applications.
- Strong communication skills with ability to clearly articulate risk to technical and non-technical audiences.
Benefits
- Comprehensive benefits offered to all full-time, exempt employees
- Stock options