Senior Application Security Engineer

ABOUT THE ROLE:

As Rightway's first dedicated Application Security Engineer, you'll take a pivotal role in fortifying our healthcare navigation and pharmacy benefits management platforms. Your mission will be to secure our applications, enhancing the digital safety of our members and partners. You'll be pioneering security solutions for our B2B and B2C applications, dealing with intricate SAML and OAuth flows that support a seamless user experience. We deeply believe in mentorship and learning from each other, so you can expect to both guide and be guided on your journey with us!

WHAT YOU’LL DO:

• Lead the management of vulnerabilities for web and mobile applications, employing both conventional (SaST, SCA, DaST) and advanced (IAST, RASP) techniques.
• Analyze application code for vulnerabilities both in native code and through invocation of  third party libraries using tools such as Snyk, SonarQube.
• Spearhead the scoring and triage of vulnerabilities, applying context to CVSS scores and utilizing threat intelligence, and other measures of exploitability (e.g., EPSS)  to prioritize real risks over false positives.
• Integrate security practices and standards into the Secure Software Development Life Cycle (SDLC), promoting secure coding across development teams.
• Collaborate with development teams to provide guidance on secure coding practices and assist in remediating identified vulnerabilities.
• Offer expert guidance on identity management solutions including nuanced use of Auth0 and FusionAuth to broker complex SAML 2.0 and OAuth connections for B2B and B2C.
• Evaluate security postures of mobile applications, considering the unique security challenges of iOS/Android platforms.
• Partner closely with Product and Development Teams to drive Security by Design into formal processes, advising on application security from feature to delivery. 
• Conduct threat modeling, manage risk, and shape technical designs.
• Develop and refine security testing methodologies.
• Ensure standardization of application logs and automates log analysis.

WHO YOU ARE: 

• 10 years of experience, with at least 5 years in a dedicated Application Security Role. 
• Maintains an application security certification such GWEB, CASE, CSSLP, CASS, CEH. 
• Proficient in backend languages, for example Ruby, Node.JS, Java, C#.  
• Possesses advanced knowledge of SAML 2.0, OAuth, OIDC flows at the protocol level. 
• Have deep understanding of the architecture of web/mobile applications from a security perspective including front end, back-end/API, authentication, and session management.
• An expert in OWASP top 10 attack vectors and associated mitigations and remediations. 
• Operated in one or more regulated environments (e.g., healthcare, finance, education) 
• Able to explain nuanced application and security concepts to diverse stakeholders.
• A proactive team player with a positive and collaborative approach, ready to take on independent challenges

BASE SALARY: $148,000 - $190,000

CYBERSECURITY AWARENESS NOTICE

In response to ongoing and industry-wide fraudulent recruitment activities (i.e., job scams), Rightway wants to inform potential candidates that we will only contact them from the @rightwayhealthcare.com email domain. We will never ask for bank details or deposits of any kind as a condition of employment. If you have any questions about a suspicious interaction with Rightway, please feel free to reach out to us at hr@rightwayhealthcare.com.

ABOUT RIGHTWAY:

Rightway is on a mission to harmonize healthcare for everyone, everywhere. Our products guide patients to the best care and medications by inserting clinicians and pharmacists into a patient’s care journey through a modern, mobile app. Rightway is a front door to healthcare, giving patients the tools they need along with on-demand access to Rightway health guides, human experts that answer their questions and manage the frustrating parts of healthcare for them.

Since its founding in 2017, Rightway has raised over $130mm from investors including Khosla Ventures, Thrive Capital, and Tiger Global at a valuation of $1 billion. We’re headquartered in New York City, with a satellite office in Denver. Our clients rely on us to transform the healthcare experience, improve outcomes for their teams, and decrease their healthcare costs.

HOW WE LIVE OUR VALUES TO OUR TEAMMATES:

We’re seeking those with passion for healthcare and relentless devotion to our goal. We need team members who will:

• We are human first

Our humanity binds us together. We bring the same empathetic approach to every individual we engage with, whether it be our members, our clients, or each other. We are all worthy of respect and understanding and we engage in our interactions with care and intention. We honor our stories. We listen to—and hear—each other, we celebrate our differences and similarities, we are present for each other, and we strive for mutual understanding. 

• We redefine what is possible 

We always look beyond the obstacles in front of us to imagine new solutions. We approach our work with inspiration from other industries, other leaders, and other challenges. We use ingenuity and resourcefulness when faced with tough problems.

• We debate then commit 

We believe that a spirit of open discourse is part of a healthy culture. We understand and appreciate different perspectives and we challenge our assumptions. When working toward a decision or a new solution, we actively listen to one another, approach it with a “yes, and” mentality, and assume positive intent. Once a decision is made, we align and champion it as one team.

• We cultivate grit 

Changing healthcare doesn’t happen overnight. We reflect and learn from challenges and approach the future with a determination to strive for better. In the face of daunting situations, we value persistence. We embrace failure as a stepping stone to future success. On this journey, we seek to act with guts, resilience, initiative, and tenacity.

• We seek to delight

Healthcare is complicated and personal. We work tirelessly to meet the goals of our clients while also delivering the best experience to our members. We recognize that no matter the role or team, we each play a crucial part in our members’ care and take that responsibility seriously. When faced with an obstacle, we are kind, respectful, and solution-oriented in our approach. We hold ourselves accountable to our clients and our members’ success. 

Rightway is a healthcare company looking to improve healthcare outcomes for everyone, everywhere. With that in mind, we have to consider what is good for the health of our team, the company, and the communities we operate in. As such, Rightway has determined a mandatory COVID-19 vaccination policy for all employees, in combination with other safety precautions, is the best way forward.

Rightway is PROUDLY an Equal Opportunity Employer that believes in strength in the diversity of thought processes, beliefs, background and education and fosters an inclusive culture where differences are celebrated to drive the best business decisions possible. We do not discriminate on any basis covered by appropriate law. All employment is decided on the consideration of merit, qualifications, need and performance.