Senior Engineer, App Security
We’re building infrastructure for modern healthcare delivery
Traditional healthcare is plagued with outdated, monolithic EHRs designed to maximize billing outcomes. Patient outcomes and provider experiences have been afterthoughts, as these systems have bolted on non-API-first solutions. None of this is built for how clinically excellent healthcare is actually delivered—longitudinally and collaboratively, with the patient at the center.
Healthie is the world’s leading API-first, ONC-Certified EHR for healthcare delivery outside of the hospital. We provide the powerful infrastructure every scaling organization needs—EHR, scheduling, patient engagement, billing, and more—all accessible via modern APIs and a white-labeled UI. Our platform makes it simple for organizations of any size to launch, customize, and scale their care delivery models without reinventing the wheel.
Today, over 1 billion API calls are made to Healthie every month, as thousands of organizations—working with more than 13 million patients in total—rely on Healthie to deliver care across a spectrum of specialties, from preventative health and wellness to complex chronic care management.
We believe in the power of technology to improve access to healthcare—and we’re building the rails that make this a reality. We work fast and with quality because we provide business-critical, healthcare-critical software that clinicians and patients need for a better healthcare system. We’re customer-obsessed, operate with lightning-fast processes and responses, make our product roadmap public so customers can see what we’re building, and remain relentlessly focused on how care gets delivered.
Healthie is backed by leading investors, and while we've $42M raised to date, more importantly, we operate with fiscal responsibility and have been profitable for more than half of our time as a company.
Learn more at https://www.gethealthie.com/
About the role
We are hiring a Senior Application Security Engineer to join our Platform Engineering team at Healthie! In this role, you will serve as a security and technical contributor, responsible for safeguarding our application layer and driving security best practices across the engineering organization.
You’ll partner closely with platform, infrastructure and core engineering teams to design secure-by-default systems, embed security into our SDLC, and proactively identify and remediate vulnerabilities in our code and cloud infrastructure. This is a hands-on role, ideal for someone who is excited to contribute to security programs in a fast-moving startup environment and help shape the future of security at Healthie.
As our first dedicated AppSec hire, you’ll have the opportunity to continue to refine our secure development lifecycle, influence architectural decisions, and champion a culture of security awareness across the company.
If you're passionate about building impactful systems, driving innovation, and making a difference in healthcare — we’d love to hear from you.
Details, details
- This is a full-time, remote position located in the United States
- The base salary for this role is $180,000 - $200,000 per year plus equity & company bonus, benefits
- U.S. work authorization is required and Healthie does not provide sponsorship.
What You'll Do
- Design and implement secure coding standards and tooling for application-layer security
- Conduct threat modeling and secure design reviews; manage ethical hacker program and third-party vulnerability reports
- Lead regular code reviews, internal audits, and dynamic/static analysis efforts
- Proficient at performing internal pentests
- Contribute to the definition and design of Healthie’s secure development lifecycle (S-SDLC), including integration of security into CI/CD workflows
- Administer, configure, and maintain Semgrep and other static and dynamic application security testing (SAST/DAST) tools to ensure continuous and effective code security
- Partner with Engineering and Product teams to triage and remediate vulnerabilities quickly and safely
- Build incident response playbooks for application-layer threats and support security investigations
- Help build and promote a security champions program
- Help ensure Healthie remains compliant with relevant standards (e.g., HIPAA, SOC 2, GDPR) from a software security perspective
About You
- 5+ years of experience in application or product security roles, preferably in high-growth, cloud-native environments
- Deep understanding of web application security, secure architecture patterns, and common vulnerabilities (e.g., OWASP Top 10, CIS controls, SANS Secure Coding Practices, etc.)
- Strong background in secure software development practices, particularly in GraphQL, Ruby on Rails, React, or similar web frameworks
- Experience with DevSecOps practices and security tooling
- Experience building or maturing application-layer security programs, policies, or guidelines
- Comfortable working across cross-functional teams and influencing security decisions without formal authority
- You are mission-driven, passionate about healthcare, and motivated to build systems that improve patient safety and data integrity
- Bonus: Experience with healthcare-specific security practices and compliance audits (e.g., SOC 2, HIPAA)
Interview Process
- Quick chat with Katie, Director of Talent (20 minutes)
- Interview with Sherilyn, Engineering Manager for Platform (30 minutes)
- Take Home Assessment - completed asynchronously
- Technical Interview with Chris and Andrew, Engineers for Platform (1 hour)
- Leadership Interviews:
- Interview with John N, VP Security & Compliance (30 minutes)
- Interview with John B, Director, Engineering (30 minutes)
- Behavioral Executive Interview with Cavan, CTO + cofounder- (20 minutes)
- Reference checks
To learn more about Working at Healthie & our benefits, click here.
Healthie participates in e-verify
Healthie is committed to equal employment opportunity. All qualified applicants will receive consideration for employment without regard to and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. We're proud to be building a diverse and inclusive environment that encourages collaboration, creativity, and growth. Whatever your background, please apply if this is a role that would make you excited to come into work every day.
Create a Job Alert
Interested in building your career at Healthie? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field