Back to jobs

Application Security Engineer

Remote

RxSense is a high-growth healthtech company empowering clients and consumers with technology to access lower cost prescription drugs. Its transformative cloud-based enterprise platform enables clients to take control of their pharmacy benefits with fast, flexible and customizable solutions and real time data insights to improve operational and financial performance -- and ultimately deliver better care to patients nationwide. RxSense also owns and operates SingleCare, a free prescription savings service that offers consumers access to consistently low prices on prescription drugs. Through its partnerships with the country’s largest pharmacies and grocers, including CVS, Walgreens, Walmart, Kroger and Albertsons, SingleCare improves access and adherence to more affordable medications and has helped millions of Americans collectively save over $8 billion on their medications.

RxSense is a great place to work! Our company has earned recognition as one of Fast Company’s Most Innovative Companies, Forbes’ Top Startup Employers, Modern Healthcare's Best Places to Work in Healthcare, and Inc’s Best in Business and Best Workplaces.

 

Position Summary:

The Application Security Engineer position is a mid-tier role in the RxSense Information Security team that will focus on assessing and managing risks in the application security domain. In this role you will act as an application security SME on project teams and be responsible for performing various security touchpoints throughout the RxSense Software Development Lifecycle.

Must be aware of and comply with all aspects of the RxSense Information Security Program and the policies contained therein. Must always understand the importance of maintaining Information Security in all Business Operations.

Job Responsibilities:

  • Work with development and product teams to define security requirements and ensure they are followed
  • Partner with development and product teams to drive remediation of security gaps
  • Coordinate 3rd party penetration tests and work with internal teams to remediate findings
  • Perform architecture and design reviews on company applications
  • Monitor and analyze application security logs and events to detect and respond to security threats
  • Perform monitoring and management of Web Application Firewall
  • Interpret and manually validate Static Application Security Testing (SAST) results
  • Manage SAST, SCA and DAST tools to ensure comprehensive testing and remediation of findings
  • Analyze and report on risks discovered through application security testing
  • Participate on project teams as InfoSec representative
  • Ability to quickly adapt to changing priorities as business needs change
  • Excellent interpersonal and communication skills a must

Strengths:

  • Knowledge and experience with techniques, tools and practices pertaining to securing the SDLC (Software Development Lifecycle).
  • Experience with software development, programing, scripting.
  • Experience with OWASP ZAP or Burp Proxy
  • Experience with static application security testing tools
  • Knowledge and experience with implementing and managing web application firewalls
  • High level understanding of securing Cloud Platforms, AWS and GCP, cloud architecture
  • Although the position is in application security domain, a broad interest/experience across the whole security domain would be an advantage

Requirements:

  • BS in Information Systems preferred but appropriate experience is acceptable
  • 3+ years of experience in application security is required.
  • Must have the ability to identify, analyze and solve security risks pragmatically
  • Familiarity with web application architecture, APIs, and cloud environments
  • Experience with security standards and frameworks, such as OWASP, NIST, or CIS
  • Practical understanding of common application security vulnerabilities
  • Excellent problem-solving and analytical skills with demonstrated ability to investigate and solve complex problems
  • Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels
  • Certifications a plus; GWAPT, GWEB, CISSP, etc.

Salary Range: $120,000 - $135,000

 

RxSense believes that a diverse workforce is a more talented and productive workforce. As such, we are an Equal Opportunity and Affirmative Action employer. Our recruitment process is free from discriminatory hiring practices and all qualified applicants are considered for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity, ancestry, age, or national origin.  Neither will qualified applicants be discriminated against on the basis of disability or protected veteran status.  We believe in the strength of the collaboration, creativity and sense of community a diverse workforce brings. 

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Education

Select...
Select...
Select...
Select...
Select...

Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in RxSense’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.