Application Security Engineer (Remote)

San Francisco Bay Area

Applications have closed

At Truepill, we are transforming consumer healthcare. Through our digital health platform, we empower our partners to deliver world-class healthcare experiences. With over 10 million prescriptions shipped and a valuation of $1.6 billion, we are proud to work with many of the world’s largest healthcare organizations. We never settle for how it’s done today. We invent how it will be done tomorrow.
None of this is possible without the right team driving us forward. We are committed to creating an environment focused on racial and gender equality, inclusion, empowerment and respect. We believe that when our teams feel supported and inspired, they turn that creativity into innovation. The type of innovation that benefits all of our people, our partners, and consumers.
We encourage our team members to expand their horizons and bring their passion and curiosity to work, every day. Come join us. Let’s build something great together.

What You'll Be Doing:

  • Provide technical direction on the development and execution of application security offerings, including threat modeling and assessments of applications, microservices and Truepill infrastructure using a range of manual and automated code review and analysis methods
  • Perform security architecture reviews of application designs and cloud infrastructure, identifying threats and vulnerabilities to Truepill systems; provide security recommendations and align them to GRC risk ranking systems
  • Integrate security tools and processes into build pipelines, perform penetration testing, and architect and build security into applications and infrastructure while adhering to compliance requirements
  • Utilize offensive security and penetration testing experience to drive security posture improvements across the organization
  • Conduct black box testing, code reviews, automation, threat modeling and research to reduce risk to Truepill microservices and infrastructure
  • Implement information security policies, controls and systems adhering to Governance, Risk and Compliance standards
  • Prioritize, lead, and perform advanced penetration testing for networks, web applications and microservices, business applications, and cloud infrastructure
  • Define the secure baseline and secure configuration required for production systems at Truepill
  • Assess Identity and Access Management (IAM) systems to ensure policies are built on the principle of least privilege
  • Perform threat modeling using STRIDE/DREAD or similar methodologies

What You'll Need:

  • Application vulnerability assessments using manual or automated pen testing/code review techniques
  • Good understanding of networking fundamentals (e.g. OSI Model, TCP/IP, DNS, SSL)
  • Infrastructure as code / package management: Terraform, CloudFormation, Ansible, Chef, Helm
  • Source code management: Git, Bitbucket etc.
  • Application security testing tools (SAST, DAST, IAST, OSA, etc.)
  • General *nix and system administration knowledge (Ubuntu/RHEL etc.)
  • Scripting knowledge for security testing and API integrations (Python, Bash, PowerShell, Go etc.)
  • Experience supporting GRC adherence from an application security and infrastructure standpoint; codifying controls based on standards like HIPAA, HITRUST, PCI-DSS, SOX, SOC 2, NIST, ISO 27000
  • Cloud IaaS security experience: AWS, GCP, Azure, OCP etc.
  • Security Information & Event Management experience: ELK, Splunk, LogRhythm etc.
  • Runtime security tool expertise, e.g. OSSEC, HIDS, EDR, AV, Snort etc.
  • Firewalls & Access Control Lists, Web Application Firewalls; building policies and analyzing flows using SIEM, tcpdump, Wireshark etc
  • Secrets management experience (policy, rbac, hierarchy): Vault, CyberArk, BeyondTrust etc
  • Continuous Integration: Azure DevOps, Jenkins, Bamboo, CircleCI etc
  • Architecture threat modeling using STRIDE/DREAD or similar methodologies to determine appropriate hardening and controls
  • Must have worked in agile development teams in a DevSecOps or application security role
  • Understanding of containers, container orchestration and microservices architecture (Docker, Kubernetes etc.)

Truepill is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
Job perks/benefits: Health care
Job region: North America
Job country: United States