MedReview

MedReview is hiring: Application Security Engineer in New York

MedReview, New York, NY, United States


Working Conditions: Full-time (M-F), office business setting. This is an on-premises position: on site Monday through Thursday (9-5), remote on Fridays only.

Position Summary:
As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues, the development of new frameworks to enhance the speed and security of software development, and fine-tuning service designs in collaboration with software developers.

We are looking for a seasoned Senior Application Security Engineer to lead MedReview's application security initiatives. You will be responsible for the strategic implementation of security measures to protect MedReview's applications and data, while mentoring junior engineers, shaping our security posture, and identifying and removing bottlenecks for your teammates, both in process and technology.

As a Senior Application Security Engineer, you will be dedicated to developing, implementing, and advocating for the right level of security integration within our software development lifecycle (SDLC). You will lead efforts in identifying, evaluating, and mitigating security risks related to application development and deployment, ensuring that our applications, services, and infrastructure are designed and implemented securely.

Job Responsibilities:

  • Work closely with development teams to integrate security into the SDLC and to implement secure coding practices, developing security training and guidance as necessary.
  • Participate in incident response activities for application security incidents, including root cause analysis and identification of remediation strategies.
  • Evaluate, implement, and manage security tools and technologies to improve the detection and prevention of vulnerabilities.
  • Assist in development of security processes and automated tooling that prevent classes of security issues.
  • Autonomously solve security problems that require novel methods or approaches.
  • Support and consult with product and development teams in the area of application security, including threat modeling and AppSec reviews.
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.


Required Experience:
  • 5+ years' experience in an application security role with a focus on software development.
  • Advanced knowledge of application security principles, frameworks, and technologies such as OWASP Top 10, SANS Top 25, etc.
  • Able to communicate complex security issues and risks in a clear, concise manner to both technical and non-technical audiences.
  • Excellent critical thinking and problem-solving skills, with the ability to think strategically and act tactically.
  • Familiarity with a wide variety of security tools, technologies, and methodologies.
  • Scripting/development experience (e.g. Python, Java, Ruby, etc.)
  • Background in application security: OWASP Top 10, XSS, injection, access control, cryptography, static analysis security testing (SAST), dynamic analysis security testing (DAST), security libraries.
  • Background in software engineering or development in a collaborative environment. Go and Python are preferred.
  • Lead the development and implementation of secure-by-default solutions across various applications and platforms. Experience implementing secure-by-default frameworks, libraries, and solutions.
  • Perform secure design reviews and threat models with staff engineers and architects on complex systems.
  • Work with team members to develop and document security standards and policies that align with HITRUST.
  • Familiarity with regulatory requirements (HITRUST, HIPAA, SOC2, etc.).
  • Availability to work nights and weekends during (un)planned outages and other special circumstances, with 24/7 accountability.
  • Availability to join the on-call rotation.
  • Ability to lift 50 lbs.


Benefits and perks include:
  • Healthcare that fits your needs - We offer excellent medical, dental, and vision plan options that provide coverage to employees and dependents.
  • 401(k) with Employer Match - Join the team and we will invest in your future.
  • Generous Paid Time Off - Accrued PTO starting day one, plus additional days off when you're not feeling well, and 11 observed holidays.
  • Wellness - We care about your well-being. From Commuter Benefits to FSAs we've got you covered.
  • Learning & Development - Through continued education/mentorship on the job and our investment in LinkedIn Learning, we're focused on your growth as a working professional.

Salary: 145k-160k