Requirements and responsibilities
OverviewWe are looking for an Application Security Engineer to help secure Anomaly's products, platforms, and development lifecycle. In this role, you will partner closely with Engineering, Infrastructure, and Product teams to identify and mitigate security risks across our applications and cloud environments while enabling rapid product innovation.You will be responsible for embedding security into every stage of the software development lifecycle, helping engineers build secure systems by default. This includes performing security reviews, threat modeling new features, improving detection and remediation processes, and developing scalable security tooling and automation.The Application Security Engineer reports to the Chief Technology Officer and works closely with engineering leadership to ensure our products and infrastructure meet the security expectations of healthcare providers, partners, and regulators.This position is ideal for someone who enjoys hands-on technical security work, thrives in a fast-moving startup environment, and wants to have a direct impact on the security posture of AI-powered healthcare products.ResponsibilitiesEmbed security throughout the software development lifecycle, from architecture and design reviews through deployment and monitoringPerform application security assessments, threat modeling, and code reviews for new and existing productsDevelop and maintain security tooling, automation, and guardrails to help engineers identify and remediate vulnerabilities earlyManage vulnerability detection and remediation processes across applications, APIs, cloud infrastructure, and third-party dependenciesPartner with engineering teams to improve secure coding practices and security awarenessDesign and implement security controls for cloud-native environments running on AWSEvaluate and improve authentication, authorization, secrets management, and data protection mechanisms across our productsBuild and maintain security monitoring and detection capabilities for application and infrastructure environmentsConduct security testing, including static analysis, dynamic analysis, dependency scanning, and penetration testing coordinationSupport customer security reviews and audits by providing technical expertise related to product and application securityHelp define security standards and best practices for the development and deployment of AI-powered systemsQualifications4+ years of experience in Application Security, Product Security, Security Engineering, or Software Engineering with a strong security focusStrong understanding of common application security vulnerabilities and secure coding principles, including OWASP Top 10 risksExperience conducting threat modeling, security reviews, and vulnerability assessments for web applications and APIsFamiliarity with modern application security tooling, including SAST, DAST, dependency scanning, container scanning, and CI/CD security controlsExperience securing cloud-native applications running on AWSProficiency in at least one modern programming language such as Python, Go, Java, TypeScript, or similarExperience working closely with engineering teams to drive remediation and improve security postureUnderstanding of authentication, authorization, cryptography, and secure system design principlesExperience operating in regulated environments such as healthcare, fintech, or enterprise SaaS is a plusFamiliarity with AI/ML systems and emerging security considerations around LLMs, agents, and model-integrated applications is a plusAbility to balance security, engineering velocity, and business priorities in a collaborative startup environment
Optionally, you can add more information later (benefits, pre-screening questions, etc.)