דרושים » אבטחת מידע וסייבר » Application Security Engineer

Required Application Security Engineer
The Gist
We are one of the fastest-growing healthtech companies, building the technology that connects every part of the healthcare ecosystem. Were solving one of the toughest problems in healthcare: how to make systems, apps, and data truly interoperable.
Our platform enables real-time collaboration between doctors and innovators, with secure data exchange and workflow integrations that happen directly inside clinical systems. In simple terms: we help healthcare work better. By streamlining workflows and reducing complexity, we help organizations focus on what really matters - delivering better care for patients.
Connect & Canvas
At the heart of our platform is Connect, a connectivity layer that links healthcare applications to patient healthcare management systems providers use in real time. Its designed for scale, reliability, and developer experience, powering millions of data interactions every day.

With our recently launched developer platform, were expanding that capability to innovators everywhere, making it possible to build healthcare applications that plug directly into real-world clinical workflows. Our team leads the way in designing, architecting, and scaling these products, experimenting fast, shipping with impact, and shaping the future of healthcare connectivity.
The Role
The ideal candidate will have a strong background in application security, coupled with expertise in product security, infrastructure management, and DevOps practices.
You should be comfortable wearing multiple hats and thrive in a fast-paced, collaborative environment.
Pioneer new approaches to application security, including leveraging AI for advanced automations and process optimizations.
If you're ready to push the boundaries of application security and contribute to a culture of uncompromising quality, we want you on our team.
Join us in our relentless pursuit of robust security and a continuously hardening application landscape.
What you will do
Conduct internal penetration testing against our applications and APIs.
Design, build, and implement the Secure SDLC process, integrating security into all stages of the software development lifecycle.
Evaluate product design and architecture against security best practices, offering guidance on prioritization and remediation.
Build and automate security testing as part of our CICD pipeline and cloud environments based on automation workflows leveraging AI.
Develop and lead projects, implementing various security tools and technologies, such as: AI agents context-aware, SAST, SCA, vulnerability scanners, and Kubernetes (K8s) security tooling.
Mentor development teams through training and hackathons.
Support security incident response in a cross-functional environment.

Were looking for a Staff Application Security Engineer to join our IT and Security team. This role is ideal for a hands-on security professional who is passionate about working closely with engineering teams to design secure software, fix vulnerabilities, and promote a culture of security across the organization.
Youll be responsible for shaping and owning our Secure Software Development Lifecycle (SSDLC), managing security tooling, and leading the assessment of application and API security across our products and services.
Here are a few of the things you will do:
Collaborate directly with engineering teams to define remediation strategies, track implementation, and validate security fixes across the application stack.
Design, implement, and drive SSDLC practices across the companyfrom security design reviews and threat modeling to proactive triaging in production.
Conduct threat modeling, architecture reviews, and security assessments of cloud-based applications and services, including those leveraging emerging technologies.
Manage our bug bounty program, validating reports and coordinating response and resolution.
Own and operate our suite of AppSec tools including SAST, ASPM, and other security scannerstriaging findings, prioritizing issues, and guiding engineering toward resolution.
Review source code and applications to identify vulnerabilities and collaborate with dev teams on remediation.
Act as the point of contact for findings from penetration tests, automated scanners, and external assessments, helping manage triage and ensure timely fixes.
Continuously research and stay current with application security trends, frameworks, vulnerabilities, and best practices.
Promote a strong security culture across by educating and enabling engineers, architects, and DevOps teams to build secure software from the ground up.

Our Security Engineer
Job Description
Join our Internal Platform Engineering team! As a Security Engineer, you'll be at the forefront of developing and implementing security capabilities to support secure and efficient service delivery. You'll be responsible for ensuring that the tools, approaches, and infrastructure used meet the highest security standards. In your day-to-day, you will:
Drive the development of new security capabilities to support delivery and ensure that the tools and approaches used are effective
Support the efficient delivery of services by employing industry best practices for the automated build and deployment of security infrastructure and code
Support Cloud Technology deployments, lift and shift migrations and transformation of Cloud solutions that manage hybrid and on-premises infrastructure
Assist with the execution of architecture blueprints and brings security into a DevOps mindset and culture
Collaborate with Product teams to support the evaluation of planned changes, to minimize security risk
Provide advice on security to contribute to different projects and product development.

Were looking for an Application Security Researcher with strong penetration testing skills and a solid development or research background to join our Security Research team. This is a critical role where youll work closely with developers and researchers to build application security platform.

Responsibilities
What Youll Be Doing

Be a key member of OX research team building our vulnerability management platform, focusing on vulnerability exploitation analysis
Evaluate open source intelligence feeds and vulnerability knowledge base
Develop unique detection engines to enhance dynamic application security testing (DAST) solution
Take active part of the ideation process and prototyping of new features and product offerings

We're looking for an Infrastructure Security Architect to join us. In this role, you will design and validate secure cloud and corporate infrastructures, drive security best practices, and solve complex network and cloud-security challenges across the organization.
Responsibilities:
Design and architect secure infrastructures across cloud, and corporate environments, with strong emphasis on scalable AWS networking.
Lead network-security architecture reviews for new and existing technologies, systems, and product features.
Develop and maintain security reference architectures, guidelines, and best practices for cloud and network environments.
Review, design, and enhance cloud network architecture (VPC topology, segmentation, routing, connectivity, hardening).
Evaluate and run PoCs for security and cloud-networking products to strengthen our companys cloud security posture.
Perform Infra threat modeling and risk assessments for network and cloud architecture designs.
Collaborate with DevOps, SRE, R&D, and IT to integrate security into infrastructure design, deployments, and engineering processes.
Troubleshoot complex network and cloud-security issues across corporate and product environments.
Oversee IoT network security, including segmentation and monitoring strategies.
Provide clear, structured feedback to product teams on architecture, design trade-offs, and real-world operational impact.
Act as a senior escalation point for network-related security alerts and incident response within the security operations team.

We're looking for an Application Security Researcher to join us. In this critical role, you will assist us in validating our services and environments according to the highest security standards. Also, You will work closely with our R&D and Product teams, and solve complex security problems.
Responsibilities:
Continuously checking and improving security measures to protect our systems.
Reviewing system architecture, design, and code to find and fix security weaknesses before they become a problem.
Helping developers follow secure coding practices and learn how to prevent security risks.
Staying updated on new security threats and best practices to keep our security standards high.
Contributing to our companys security research blog.

Were hiring a Senior Security Engineer to help shift security left across product and platform teams, while also supporting internal corporate security needs. Youll drive impact through enablement, automation, and practical risk reduction.
Why this role matters?
Youll secure both what we build and how we work. That means embedding security into our products and CI/CD, and also supporting internal teams.
Security here is not a gate; its a force multiplier. Youll help engineering teams move faster safely, and ensure our colleagues have a secure foundation to do their best work.
Success means faster, safer releases and fewer reactive security escalations.
What will you do?
As a Senior Security Engineer, your mission will be to:
Partner with developers to embed security into design, build, and deploy stages
Automate vulnerability triage and mitigation flows
Secure CI/CD pipelines (GitHub, Jenkins) and execution environments (Kubernetes, Docker)
Tune WAFs, manage cloud security (AWS, GCP, Azure), and evolve Terraform practices
Support internal teams with secure production accesses, endpoint hardening, and access policies
Lead security reviews across app, infra, and corporate environments
Advocate for security standards with clarity and empathy.

If you're looking for an exciting opportunity to make a significant impact and grow with a passionate team, we are the place to be.
What Youre About::
As a Security Research Engineer, you will be a driving force behind innovation, researching and prototyping the next generation of security features for our AI-native ASPM platform. This role is directly shaping the future of our product and the security industry.
You'll work on novel solution approaches to application security that go beyond traditional AppSec tooling, implementing POCs for advanced prevention, detection, triage, and remediation features.
This role combines deep security research with hands-on engineering. You'll prototype new capabilities, validate their effectiveness, and work with product and engineering teams to bring successful POCs into the platform. It requires both security expertise and strong building skills.

Were looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.