Back to jobs

Senior Engineer, App Security

Remote

We’re building infrastructure for modern healthcare delivery

Traditional healthcare is plagued with outdated, monolithic EHRs designed to maximize billing outcomes. Patient outcomes and provider experiences have been afterthoughts, as these systems have bolted on non-API-first solutions. None of this is built for how clinically excellent healthcare is actually delivered—longitudinally and collaboratively, with the patient at the center.

Healthie is the world’s leading API-first, ONC-Certified EHR for healthcare delivery outside of the hospital. We provide the powerful infrastructure every scaling organization needs—EHR, scheduling, patient engagement, billing, and more—all accessible via modern APIs and a white-labeled UI. Our platform makes it simple for organizations of any size to launch, customize, and scale their care delivery models without reinventing the wheel.

Today, over 1 billion API calls are made to Healthie every month, as thousands of organizations—working with more than 13 million patients in total—rely on Healthie to deliver care across a spectrum of specialties, from preventative health and wellness to complex chronic care management.

We believe in the power of technology to improve access to healthcare—and we’re building the rails that make this a reality. We work fast and with quality because we provide business-critical, healthcare-critical software that clinicians and patients need for a better healthcare system. We’re customer-obsessed, operate with lightning-fast processes and responses, make our product roadmap public so customers can see what we’re building, and remain relentlessly focused on how care gets delivered.

Healthie is backed by leading investors, and while we've $42M raised to date, more importantly, we operate with fiscal responsibility and have been profitable for more than half of our time as a company.

Learn more at https://www.gethealthie.com/

About the role

We are hiring a Senior Application Security Engineer to join our Platform Engineering team at Healthie! In this role, you will serve as a security and technical contributor, responsible for safeguarding our application layer and driving security best practices across the engineering organization.

You’ll partner closely with platform, infrastructure and core engineering teams to design secure-by-default systems, embed security into our SDLC, and proactively identify and remediate vulnerabilities in our code and cloud infrastructure. This is a hands-on role, ideal for someone who is excited to contribute to security programs in a fast-moving startup environment and help shape the future of security at Healthie.

As our first dedicated AppSec hire, you’ll have the opportunity to continue to refine our secure development lifecycle, influence architectural decisions, and champion a culture of security awareness across the company.

If you're passionate about building impactful systems, driving innovation, and making a difference in healthcare — we’d love to hear from you.

Details, details

  • This is a full-time, remote position located in the United States
  • The base salary for this role is $180,000 - $200,000 per year plus equity & company bonus, benefits
  • U.S. work authorization is required and Healthie does not provide sponsorship.

What You'll Do

  • Design and implement secure coding standards and tooling for application-layer security
  • Conduct threat modeling and secure design reviews; manage ethical hacker program and third-party vulnerability reports
  • Lead regular code reviews, internal audits, and dynamic/static analysis efforts
  • Proficient at performing internal pentests
  • Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows
  • Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security
  • Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely
  • Build incident response playbooks for application-layer threats and support security investigations
  • Help build and promote a security champions program
  • Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective

About You

  • 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
  • Deep understanding of web application security, secure architecture patterns, and common vulnerabilities (e.g., OWASP Top 10, CIS controls, SANS Secure Coding Practices, etc.)
  • Strong background in secure software development practices, particularly in GraphQL, Ruby on Rails, React, or similar web frameworks
  • Experience with DevSecOps practices and security tooling
  • Experience building or maturing application-layer security programs, policies, or guidelines
  • Comfortable working across cross-functional teams and influencing security decisions without formal authority
  • You are mission-driven, passionate about healthcare, and motivated to build systems that improve patient safety and data integrity
  • Bonus: Experience with healthcare-specific security practices and compliance audits (e.g., SOC 2, HIPAA)

Interview Process

  • Quick chat with Katie, Director of Talent (20 minutes)
  • Interview with Sherilyn, Engineering Manager for Platform (30 minutes)
  • Take Home Assessment - completed asynchronously
  • Technical Interview with Chris and Andrew, Engineers for Platform (1 hour)
  • Leadership Interviews:
    • Interview with John N, VP Security & Compliance (30 minutes)
    • Interview with John B, Director, Engineering (30 minutes)
    • Behavioral Executive Interview with Cavan, CTO + cofounder- (20 minutes)
  • Reference checks

To learn more about Working at Healthie & our benefits, click here.

Healthie participates in e-verify

Healthie is committed to equal employment opportunity. All qualified applicants will receive consideration for employment without regard to and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. We're proud to be building a diverse and inclusive environment that encourages collaboration, creativity, and growth. Whatever your background, please apply if this is a role that would make you excited to come into work every day. 

Create a Job Alert

Interested in building your career at Healthie? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Healthie’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.