Senior Application Security Engineer

Summary

Join Modernizing Medicine (ModMed) as a Senior Application Security Engineer! You will play a crucial role in enhancing the security of our applications by collaborating with development and engineering teams. Your responsibilities will include conducting application security testing, integrating security best practices, implementing SAST and SCA tools, performing threat modeling, and developing security standards. This is a high-impact opportunity within a fast-paced healthcare IT company. ModMed offers a competitive benefits package, including comprehensive medical, dental, and vision benefits, a 401(k) matching contribution, generous paid time off and parental leave, life and disability insurance, professional development opportunities, and a supportive work environment.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent experience
• 5+ years of experience in application security, with strong knowledge of secure coding practices and application security frameworks
• Experience with SAST/SCA tools (e.g., Snyk, Checkmarx, or similar), including integration and remediation support
• Strong understanding of the OWASP Top Ten, secure design principles, and best practices for preventing common vulnerabilities
• Experience in threat modeling and a solid grasp of risk assessment methodologies
• Programming skills for security code review (e.g., Python, Java, JavaScript) and familiarity with cloud security, preferably in AWS environments
• Excellent communication and collaboration skills to effectively work with cross-functional teams and convey complex security concepts

Responsibilities

• Conduct application security testing, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), identifying vulnerabilities and working with development teams to remediate them
• Partner with software engineers to integrate security best practices, review code for potential security issues, and support secure design in new applications and features
• Support the rollout of Snyk for SAST and Software Composition Analysis (SCA), focusing on accurate detection of vulnerabilities in code and third-party libraries
• Perform threat modeling and risk assessment exercises to identify security risks early in the development process
• Contribute to the creation and enforcement of application security standards and policies, ensuring consistent security practices across development teams
• Assist in investigating and responding to application-related security incidents, performing root cause analysis, and implementing solutions to prevent reoccurrence

Benefits

• Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution
• 401(k): ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep
• Generous Paid Time Off and Paid Parental Leave programs
• Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs
• Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed
• Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning
• Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles
• Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters