Application Security Engineer

Remote

Applications have closed
Are you an Application Security Engineer who is passionate about empowering engineering teams to build secure software? Redox is searching for an exceptionally talented Application Security Engineer to join our Security Team. In this role, you will set the direction for our application security processes, tools, and capabilities. Redox is an engineering-first company, building the future of healthcare information exchange, the platform to help power healthcare companies and applications to work together!

What You'll Do:

  • Be an active voice in our small, focused security team as the primary engineer responsible for Application and Product Security.
  • Coordinate and manage our penetration testing and bug bounty programs.
  • Empower Redox to reduce avoidable vulnerabilities introduced into code, reduce the time to detect vulnerabilities that do exist, and mitigate vulnerabilities detected as quickly as possible.
  • Approach securing our company pragmatically, empathizing with engineers, developers and security champions to understand their needs.
  • Perform risk assessments, threat models and code reviews for our application.
  • Communicate issues and progress on complex problems in terms easily understood by stakeholders. 
  • Support and build valuable training activities that uplift developer awareness of secure coding practices.
  • Build and maintain tools that detect potential security issues within our development pipeline.
  • Maximize security impact and reduce risk while minimizing the negative impact on our businesses and developer velocity.
  • Mentor and guide engineering teams on best practices for keeping our applications secure.

Your Background and Experience:

  • Knowledge of current application security vulnerabilities, how to detect them, how to prevent them and how to create awareness of them. 
  • Proficiency and hands-on experience using tools which can detect security vulnerabilities, both statically and dynamically.
  • Experience securing JavaScript, Node.js and TypeScript applications.
  • Experience with containerized and application mesh architectures.
  • Ability to communicate complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders. 
  • Ability to be an individual contributor as well as a team player.
  • Experience with manual and automated techniques for penetration testing and executing vulnerability assessments.
  • Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, etc.)
  • Experience running threat modeling sessions with engineering teams.

Bonus Points!

  • Securing applications based on AWS Technologies.
  • Offensive security (OSCP) certifications.
  • Docker/K8 hardening experience.

Please keep reading...

Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So if you think you have what it takes, but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat and see if you could be a great fit. https://hbr.org/2014/08/why-women-dont-apply-for-jobs-unless-theyre-100-qualified

About Redox - Take a look here: https://youtu.be/4OjENXR6UXA

What We Do

Healthcare organizations and technology vendors connect to Redox once, then authorize what data they send to and receive from partners through a centralized hub. Redox's cloud-based platform is vendor and standards agnostic and enables the secure and efficient exchange of healthcare data.

This approach eradicates the need for point-to-point integrations and accelerates the discovery, adoption, and distribution of patient and provider-facing technology solutions. With hundreds of healthcare organizations and technology vendors exchanging data today, Redox represents the largest interoperable network in healthcare. Learn how you can leverage the Redox platform at www.redoxengine.com.

Other Stuff About Us

Redox is an EEO company. We fully support the diversity of our team! Here's a recent blog post about our stance on diversity and belonging: Diversity at Redox

We believe in holding ourselves to a high standard of conduct. Here's how we think about this: Redox Code of Conduct

Successful candidates must be eligible to be employed in the US, and must reside in the US.

Thank you for your interest in Redox!

Tags: Application security AWS Cloud Docker JavaScript Node.js Offensive security OSCP Pentesting Product security Python Ruby Scripting TypeScript Vulnerabilities

Perks/benefits: Flex vacation Team events

Region: Remote/Anywhere