Senior Application Security Engineer

Help shape Alma's approach to application security, developing and implementing strategies to protect mental health care services and empowering engineers with security knowledge.

Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

 

 

Alma is seeking a mission-driven Senior Application Security Engineer to join our team. We are dedicated to building secure and compliant tools and services that help mental healthcare providers more easily manage and grow their practice. In this role, you will help validate that our services, applications, and web technologies are designed and implemented in a way that meets Alma’s security standards. You will help analyze, discover, and address security issues across our technical platform.

On this scaling team, you will have a strong hand in defining how Alma's engineering team approaches application security in the software development process. The ideal person for this role loves to work with other teams to design and build amazing security controls and automation.  

What you’ll do:

  • Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters.
  • Be comfortable and excited to lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security.
  • Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
  • Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it.
  • Provide subject matter expertise in the areas of secure coding, application authentication, encryption, and AI, and quickly research and become competent in other areas as needed.
  • Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture.
  • Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions.
  • Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments.
  • Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful.
  • Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities.
  • Build and provide high-quality application security documentation and training to engineers to set them up for success.
  • Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training.
  • Mature and execute the Threat Modeling program with engineers.
  • Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings.
  • Assist with creating reports for management regarding vulnerabilities, training, and other relevant metrics.

 

Who you are:

  • You have 4+ years of experience working in an application security role.
  • You strongly understand the security best practices for the software development lifecycle (SDLC).
  • You have expert knowledge of web application protocols.
  • You have deep technical knowledge of Content Security Policies (CSP) and how to implement them.
  • You have strong experience working with AI and understand the areas to focus on to secure it.
  • You have an expert understanding of application security testing tools like OWASP ZAP and Burp Suite.
  • You have an expert understanding of the OWASP Top 10 and other application attacks.
  • You have experience installing and running a local developer environment for local testing of code.
  • You have deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security.
  • You have implemented or managed SAST and DAST tools such as StackHawk and Snyk, with more than a year of experience in each type of tool.
  • You are familiar with common security libraries and tools.

Benefits:

  • We’re a remote-first company
  • Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
  • 401K plan (ADP)
  • Monthly therapy and wellness stipends
  • Monthly co-working space membership stipend
  • Monthly work-from-home stipend
  • Financial wellness benefits through Northstar
  • Pet discount program through United Pet Care
  • Financial perks and rewards through BenefitHub
  • EAP access through Aetna
  • One-time home office stipend to set up your home office
  • Comprehensive parental leave plans
  • 12 paid holidays and 1 Alma Give Back Day
  • Flexible PTO 

Salary Band: $130,000 - $186,000

Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.

All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.

Learn more about how Alma handles applicant data by reading Alma's Applicant Privacy Notice.
