Director AppSec

United States

Full Time Executive-level / Director

Who We Are at Elemy:

Elemy, formerly Sprout Therapy, is building the first managed marketplace for in-home chronic medical care, starting with pediatric autism.  Over 1.5M children in the US are affected by autism, and nearly 30% of families are dissatisfied with the care they receive. Elemy is working tirelessly to change this by providing in-home care and leveraging cutting edge AI-powered technology to deliver a better experience to families, providers, and healthcare payers.

Today’s US Child Care industry for autism, ADHD, and other developmental delays is a $38B market that is heavily fragmented and skewed towards in-clinic care. Elemy is looking to change the developmental delay care industry for the better by putting families and children at the center of what Elemy does. Elemy is bringing ABA care to family homes, and providing more resources and tools for therapists to give the best care possible.

Since launching in April 2020, Elemy has become one of the fastest-growing healthcare companies in the United States, scaling from 4 to over 1,000 team members in under 18 months, and on track to grow revenue by over 600% this year. The company is backed by leading investors in healthcare and technology, including General Catalyst, Founders Fund, SignalFire, 8VC, Felicis Ventures, and Bling Capital.

What You’ll Do

  • Be responsible for development and operation of the Application Security Consulting function which helps assure that our applications are designed securely
  • Be responsible for development and operation of the AppSec program, which will help our globally distributed team of developers code all Elemy applications as securely as they can be built
  • Be responsible for development and operation of the Elemy Bug Bounty Program, which will be the flagship through which we use outside security researchers to determine the security of our application and operational software stack
  • Work with diverse leaders and subject matter experts within DevOps, to build an aligned strategy for protecting our application stack
  • Provide technical direction to the AppSec team around capabilities such as application threat modeling, manual secure code review, advanced threat hunting techniques, source code scanning and others 
  • Run day-to-day operations, including threat modeling of application designs, manual code review of in-house developed code, and advanced penetration testing techniques to identify vulnerabilities that automated source code scanners cannot report
  • Build and lead a robust team of application architecture consultants and AppSec specialists and coordinate with partners and vendors as part of our larger AppSec ecosystem.
  • Launch and manage our Bug Bounty program, in concert with senior DevOps leaders
  • Assist with executive communication to senior leadership on status of Application Security programs

About the Role

These are all high impact functions, which directly impact the security of the services that Elemy delivers, and which have an equally direct impact on the ability of our customers to trust us.  While the primary groups that you will be interacting with are the DevOps and SRE teams, you will also find yourself working with other groups both inside Engineering and more widely across the company.  This is a critical position and you will need all of your people, program and technical leadership skills in order to be successful.  

What You’ll Need

  • At least ten years of multifaceted IT experience, preferably in cybersecurity and related experience
  • Exposure to application security vulnerability frameworks such as OWASP Top 10 and SANS Top 25, security testing methodologies and commercial and open source tools such as Fortify, WebInspect, Burp Suite, Nexus and more
  • Programming experience with at least one of the following: Java/J2EE, JavaScript, Python, C++, Go, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, etc.)
  • Understanding of how authentication and authorization mechanisms are implemented programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)
  • Experience with application development build pipelines, automation, CI/CD and successfully building security review processes and tools into those
  • Solid understanding of threat modeling
  • Knowledge of large-scale cloud-based services, PaaS, and container security, and a very good understanding of the security challenges involved in deploying cloud and container applications
  • Experience in facilitating technical conversations between engineering and operations teams
  • Experience handling relationships with and addressing senior management
  • Strong planning and project management skills
  • Solid people and team management experience

At Elemy, we are a globally distributed team with many of our team members located throughout the world, including in the following cities: San Francisco, New York, Los Angeles, Miami, Toronto, Montreal, and Kyiv. While everyone currently works remotely, we envision a future that balances face to face collaboration with a remote friendly environment.

Job region(s): Remote/Anywhere