Senior Security Engineer II, Application Security

Summary

Join Aledade as a Senior Security Engineer II for Application Security and be responsible for designing, implementing, and maintaining security services. You will leverage data and automation to improve security posture and collaborate cross-functionally. Lead incident response efforts, enhance security documentation, and mentor junior engineers. This role requires a BS/BTech in a related field and significant experience in application security, cloud-native environments, and secure SDLC/DevSecOps processes. Aledade offers a comprehensive benefits package including flexible work schedules, remote work options, health insurance, paid time off, parental leave, and more.

Requirements

• Hold a BS/BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, or have 10 years security domain experience without a degree
• Have 6+ years of experience in securing and deploying applications within Cloud Native environments
• Have 3+ years of experience in a dedicated application security role with focus on establishing secure SDLC and DevSecOps processes

Responsibilities

• Work cross-functionally to design, build, and operate solutions that continuously improve and automate our security capabilities
• Leverage data to understand trends, metrics, and opportunities to improve our security posture and then help execute on those opportunities with stakeholders
• Lead and enhance incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues
• Help craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures
• Mentor and coach more junior engineers or analysts

Preferred Qualifications

• Have Application Security knowledge
• Have knowledge of health-tech systems, like Electronic Health Records, Clinical data, PHI, etc, direct experience preferred
• Have experience architecting, developing, and deploying large-scale distributed systems at scale
• Have extensive experience identifying, evaluating and triaging vulnerabilities with Static/Dynamic Application Security Testing (SAST/DAST) methodologies and tools
• Have proven experience conducting code reviews, and threat modeling
• Have extensive experience with developing automated security testing and validation systems using Terraform, Cloudformation, Python, etc
• Be proficient in coding languages such as Python, R, C++, Javascript
• Have extensive experience working in AWS/Azure/GCP software development environment
• Have proven experience with implementing security controls for web-based SaaS applications such as API Security, WAF, etc
• Have in-depth knowledge of AI/LLM and machine learning architectures and best practices for securing them
• Have in-depth knowledge of OWASP Top 10 vulnerabilities along with containment and remediation best practices
• Have strong familiarity with server-side web technologies (eg: Java, Python, Scala, C#, C++, Go)
• Have 4+ years of experience acting as a trusted technical decision-maker in a team setting, solving for short-term and long-term business value
• Have experience with health-tech systems, like Electronic Health Records, Clinical data, etc preferred

Benefits

• Flexible work schedules and the ability to work remotely are available for many roles
• Health, dental and vision insurance paid up to 80% for employees, dependents, and domestic partners
• Robust time off plan 21 days of PTO in your first year 2 Paid Volunteer Days & 11 paid holidays
• 12 weeks paid Parental Leave for all new parents
• 6 weeks paid sabbatical after 6 years of service
• Educational Assistant Program & Clinical Employee Reimbursement Program
• 401(K) with up to 4% match
• Stock options