[Hiring] Staff Engineer, App Security @Healthie

Role Description

We are hiring BOTH a Senior (and a Staff level) Application Security Engineer to join our Platform Engineering team at Healthie! In this role, you will serve as a security and technical contributor, responsible for safeguarding our application layer and driving security best practices across the engineering organization.

• Partner closely with platform, infrastructure, and core engineering teams to design secure-by-default systems.
• Embed security into our SDLC and proactively identify and remediate vulnerabilities in our code and cloud infrastructure.
• Refine our secure development lifecycle and influence architectural decisions.
• Champion a culture of security awareness across the company.

If you're passionate about building impactful systems, driving innovation, and making a difference in healthcare — we’d love to hear from you.

Qualifications

• 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments.
• Deep understanding of web application security, secure architecture patterns, and common vulnerabilities (e.g., OWASP Top 10, CIS controls, SANS Secure Coding Practices, etc.).
• Strong background in secure software development practices, particularly in GraphQL, Ruby on Rails, React, or similar web frameworks.
• Experience with DevSecOps practices and security tooling.
• Experience building or maturing application-layer security programs, policies, or guidelines.
• Comfortable working across cross-functional teams and influencing security decisions without formal authority.
• You are mission-driven, passionate about healthcare, and motivated to build systems that improve patient safety and data integrity.
• Bonus: Experience with healthcare-specific security practices and compliance audits (e.g., SOC 2, HIPAA).

Requirements

• Design and implement secure coding standards and tooling for application-layer security.
• Conduct threat modeling and secure design reviews; manage ethical hacker program and third-party vulnerability reports.
• Lead regular code reviews, internal audits, and dynamic/static analysis efforts.
• Proficient at performing internal pentests.
• Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows.
• Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security.
• Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely.
• Build incident response playbooks for application-layer threats and support security investigations.
• Help build and promote a security champions program.
• Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective.

Benefits

• This is a full-time, remote position located in the United States.
• The base salary for this role is:
  • Senior: $185,000 - $205,000 per year plus equity & company bonus, benefits.
  • Staff: $205,000 - $235,000 per year plus equity & company bonus, benefits.
• U.S. work authorization is required and Healthie does not provide sponsorship.

Interview Process

• Quick chat with Katie, Director of Talent (15 minutes).
• Hiring Manager interview with Chris (30 minutes).
• Pairing Interview with Michael and Andrew, Engineers for Platform (1 hour).
• Leadership Interviews:
  • Interview with John N, VP Security & Compliance (30 minutes).
  • Interview with John B, Distinguished Engineer (30 minutes).
  • Interview with Cavan, CTO + cofounder (20 minutes).
• Reference checks.