Senior Application Security Engineer

House Rx
Summary
Join House Rx as a seasoned Application Security Engineer to spearhead our security strategy, ensuring the delivery of secure, compliant, and robust software solutions. You will architect, implement, and continuously improve our secure software development practices. This role offers broad authority and requires expertise in TypeScript, Node.js, and AWS-native services. You will establish foundational security practices, lead threat modeling exercises, and select and deploy AppSec tools. Collaborate with engineering teams to enhance security controls and educate them on secure development practices. Lead vulnerability management and incident response efforts.
Requirements
- 5+ years of experience in application security or a strong engineering background with deep security expertise
- Expert-level proficiency with TypeScript, Node.js, and AWS (especially IAM, API Gateway, Lambda, EKS)
- Hands-on experience selecting and managing security tooling (Semgrep, Snyk, CodeQL, etc.) with clearly articulated rationale
- A pragmatic approach to security - balancing robust protections with practical engineering constraints and rapid product development
- Strong communication skills and a passion for embedding security into engineering culture
Responsibilities
- Build Our AppSec Program: Establish foundational security practices, policies, tooling, and enforcement mechanisms from the ground up
- Technical Leadership: Develop secure-by-default patterns and frameworks specifically for our TypeScript/Node.js codebase
- Security Reviews and Threat Modeling: Lead comprehensive threat modeling exercises, secure code reviews, and architecture assessments for platform services and product features
- Tooling & Automation: Select, deploy, and operationalize essential AppSec tools (e.g., SAST, SCA, secrets scanning, fuzzing) suitable for our current and future scale
- AWS Environment Hardening: Collaborate closely with engineering teams to enhance IAM controls, data encryption strategies, secure deployment pipelines, and logging mechanisms
- Secure Development Practices: Educate and mentor engineering teams through playbooks, checklists, training, and best practices
- Vulnerability Management: Lead vulnerability intake, triage, and remediation processes, providing clear guidance and tracking to resolution
- Incident Response: Serve as the Application Security SME during security incidents, partnering closely with IT and compliance teams to address issues rapidly and effectively
Preferred Qualifications
Bonus points for experience building security programs within regulated industries (healthtech, fintech, etc.)
Benefits
- Flexible work hours and flexible paid time off
- Generous parental leave
- Comprehensive healthcare, vision and dental benefits
- Competitive salary and equity stake