Are you a Tech Lead, Application Security Engineer who is passionate about empowering engineering teams to build secure software?

Redox is searching for an exceptionally talented Lead level Application Security Engineer to join our Security Team. In this role, you will set the direction for our application security processes, tools, and capabilities. Redox is an engineering-first company, building the future of healthcare information exchange, the platform to help power healthcare companies and applications to work together!

Responsibilities:

• Be an active voice in our small, focused security team as the primary engineer responsible for Application and Product Security.


• Empower Redox to reduce avoidable vulnerabilities introduced into code, reduce the time to detect vulnerabilities that do exist, and mitigate vulnerabilities detected as quickly as possible.


• Approach securing our company pragmatically, empathizing with engineers, developers and security champions to understand their needs.


• Perform risk assessments, threat models and code reviews for our application.


• Communicate issues and progress on complex problems in terms easily understood by stakeholders.


• Coordinate and manage our penetration testing and bug bounty programs.


• Support and build valuable training activities that uplift developer awareness of secure coding practices.


• Build and maintain tools that detect potential security issues within our development pipeline.


• Maximize security impact and reduce risk while minimizing the negative impact on our businesses and developer velocity.


• Mentor and guide engineering teams on best practices for keeping our applications secure.

Background and Experience Requirement:

• Knowledge of current application security vulnerabilities, how to detect them, how to prevent them and how to create awareness of them.


• Proficiency and hands-on experience using tools to which can detect security vulnerabilities, both statically and dynamically.


• Experience securing Javascript, NodeJS and Typescript applications.


• Experience with containerized and application mesh architectures.


• Ability to communicate complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders.


• Development experience in at least two high-level languages such as NodeJS, Python, Ruby, C#, Scala, Java, etc.


• Experience running threat modeling sessions with engineering teams.

Bonus Points:

• Securing applications based on AWS Technologies


• Offensive security (OSCP) certifications


• Docker/K8 hardening experience