Security Engineer: App Sec Lead
Location: Remote (US Only) or in-office option in San Francisco or New York
The Mission: Join us in building the core infrastructure that enables the mass delivery of clinical AI across American healthcare. Your work will directly translate into improving patient outcomes by accelerating access to treatment and massively increasing operational efficiency for healthcare workers.
What We Look for in a Great Application Security Engineer
We are looking for an application security engineer who is excited about building a program from scratch hand in hand with our amazing engineering team. If the following things excite you, you should apply!
You see a greenfield in application security and can imagine what the end product would like and how to get us there.
Getting your hands dirty in the code base (NodeJS/Typescript/Python), including even fixing some findings or contributing to some secure libraries, and eventually being an architect for our secure development libraries sounds like an amazing time.
No process for things is simply an opportunity to partner with the right engineers and leaders to build security process
Firing up your favorite pentesting tools and poking at the codebase yourself to see if you can find a vulnerability or two (hopefully no more than that)
In the near future, turning around and helping hire the rest of the application security team at Latent as the company grows
What You'll Work On (Responsibilities)
As the first dedicated application security engineer, you will be
Choosing the right App Sec tools for our environment to make code secure before it is shipped and working with engineering to role them out widely
Create and mature processes around core pillars of Latent’s security program: vulnerability management, architecture reviews, pentesting, and threat modeling
Doing code reviews and even a little bug fixing yourself (we are a startup after all)
Helping build and POC new secure ways of writing code (validation libraries, improvements to authentication/authorization practices, encryption SDKs for developers)
Helping re-imagine permissioning and authorization for users of the Latent platform
Working alongside engineers to balance business requirements with the right security controls
Creating a mature pentesting and/or bug bounty program to validate production code is secure
Bringing security checks and tooling to the places that developers work (AI-based IDEs, CI/CD, ect..)
Technical Qualifications & Environment
You should have experience creating, building, or scaling (or all three) a hands-on application security program in an organization that is cloud first.
Primary Coding Language: Javascript (NodeJS/Typescript) and Python
Experience doing threat modeling and architecture reviews
Experience working with engineering and technical leadership to build security processes like vulnerability management
Deep understanding of web and api-based security vulnerabilities (how to spot them, how to fix them, and what patterns need to be created to counter them)
Experience architecting (and maybe even building) access management and authorization systems
Bonus Points: You dabble in other areas of security (Cloud, IT, GRC ect..), have a little bit of knowhow in security detection and response, or have worked in a HIPAA-compliant environment.