Application Security Engineer
Remote
Applications have closed
Hims & Hers
Hims is a one-stop telehealth service for men's wellness and care, providing treatment options for hair loss, ED & more. Hims & Hers Health, Inc. (better known as Hims & Hers) is a multi-specialty telehealth platform building a virtual front door to the healthcare system. Hims & Hers connects consumers to licensed healthcare professionals, enabling people to access high-quality medical care—from wherever is most convenient—for numerous conditions related to primary care, mental health, sexual health, skincare, and more. Launched in November 2017, the platform also offers thoughtfully created and curated health and wellness products. With products and services available across all 50 states and Washington, D.C., Hims & Hers’ mission is to make it easier for all Americans to access affordable care and treatment for conditions that impact their daily lives. In January 2021, the company was listed on the NYSE at an initial valuation of $1.6 billion and is traded under the ticker symbol “HIMS”. To learn more about our brand and offerings, you can visit forhims.com and forhers.com.
The Application Security Engineer will build and maintain secure distributed systems related to identity and access management, microservice security, web/mobile security, and much more. They will also integrate security features, tools, and validation/detection processes into the product development lifecycle. This role will work closely with Product and Engineering teams to develop tools and processes to automate the identification of security flaws, and identify effective mitigating controls where feasible in the application stack to build resilience into the products. The candidate will partner with Engineering Teams to diagnose, document, and remediate application security vulnerabilities. Additional responsibilities include evaluating, recommending, and implementing application security related solutions in an automated continuous integration/deployment environment. Further, the engineer must be comfortable leading and training developers in secure SDLC best practices. Candidates with strong communication, excellent creative problem-solving skills and experience working on cloud-based products will be most successful in this role.
Responsibilities:
- Build internal libraries and APIs that help our engineering teams leverage best practices in data security.
- Collaborate with Security, Engineering, Product, and Data teams to incorporate strong security controls, apply security best practices in our development life cycle, and mitigate risks and security vulnerabilities.
- Promote and drive the implementation of a data security architecture that supports Engineering’s and business’ goals and deliverables, through strategy, design, requirements, and code.
- Implement technical prototypes to understand new technologies as well as identify and manage risks for projects in active development.
- Contribute to improving the organization’s data security patterns, security controls and best practices.
- Mentor team members and engineers on security best practices.
You are a good fit if you have:
- 5+ years of software development experience.
- Experience creating public or internal APIs.
- A passion for and a solid understanding of what it takes to build and maintain secure, reliable, observable, and highly scalable systems in collaboration with multiple teams.
- Experience building software with Java, Kotlin, Golang, Rust, Python, or any other concurrency-friendly language.
- Ability to collaborate and provide a clear point of view to multiple teams, ensuring results are aligned with company business objectives and delivered within planned timelines.
- Outstanding written and oral communication skills with the ability to develop internal processes and articulate assessment results.
Preferred skills:
- Prior experience in cloud-based product environments.
- Prior experience with modern application architecture (API based), and Web / Mobile applications preferred.
- Bachelor's degree in a relevant technical field/equivalent knowledge and experience.
- Experience with PostgreSQL or other relational databases.
- Familiarity with Cybersecurity Frameworks including OWASP Top 10 & ASVS, NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, etc.
- Knowledge of cryptography, authentication/authorization, SSO, federation protocols and standards (SSL/TLS, SAML, OAuth2, JWT), microservice security, among others.
- Experience with implementing security controls for data governance laws such as HIPAA, SOC2, PCI, and GDPR.
- Certified in one or more of the following security certifications: CISSP, CISM, CEH, GCIH, GCSA, GCPN, GSEC.
Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.
Tags: APIs Application security C CEH CISM CISSP Cloud Cryptography GCIH GDPR Golang Governance GSEC HIPAA Java Kotlin MITRE ATT&CK Mobile security NIST OWASP PostgreSQL Python Rust SAML SDLC SOC 2 SSO Strategy TLS Vulnerabilities