Senior Application Security Engineer

Job Description

• Alma is seeking a mission-driven Senior Application Security Engineer to join our team • Dedicated to building secure and compliant tools and services which help mental healthcare providers more easily manage and grow their practice • Help validate that Alma’s services, applications, and web technologies meet Alma’s security standards • Analyze, discover, and address security issues across Alma’s technical platform • Define how Alma's engineering team approaches application security in the software development process • Collaborate with other teams to design and build security controls and automation • Develop, execute, and track security measures to protect Alma’s data, applications, and systems • Gain a deep understanding of Alma’s systems and architecture and the software development processes used

Qualifications

• You have 4-7 years of experience working in an application security role, including familiarity with common security libraries and tools, and an expert knowledge of web application protocols • You strongly understand security best practices for the development lifecycle (SDLC) • You have deep technical knowledge of Content Security Policies (CSP) and how to implement them • You have expert understanding of application security testing tools like OWASP ZAP and Burpsuite • You have experience writing code and scripts for application security testing • You have expert understanding of the OWASP Top 10 and other application attacks • You have experience installing and running a local developer environment for local testing of code • You have deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security • You have personally implemented/managed SAST and DAST tools such as StackHawk and Snyk • You have experience identifying security issues through threat modeling and code reviews • You have experience building and maintaining security systems that can scale, with high levels of automation while fully owning projects from inception to completion • You have strong communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely • You enjoy user-centered software development and actively work closely with a team of engineers, designers, and product managers

Benefits

• We’re a remote-first company • Health insurance plans through Cigna (medical and dental) and MetLife (vision), including FSA and HSA plans • 401K plan (Roth and traditional) • Monthly therapy and wellness stipends • Monthly co-working space membership stipend • Monthly work-from-home stipend • Financial wellness benefits through Northstar • Pet discount program through United Pet Care • Financial perks and rewards through BenefitHub • EAP access through Cigna • One-time home office stipend to set up your home office • Comprehensive parental leave plans • 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day • Flexible PTO