Company hidden
2 months ago

Application Security Engineer (AI)

205 000 - 275 000$
Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
US
Job from Hirify Global, a list of international tech companies

Job description

TL;DR

Application Security Engineer (AI): Improving the security posture of generative AI solutions for healthcare, with an emphasis on secure code reviews, automated CI/CD security pipelines, and vulnerability management. Focus on securing highly sensitive patient data and collaborating with engineering teams to integrate security into the software development lifecycle.

Location: Hybrid role requiring on-site presence in South San Francisco on Wednesdays and Thursdays.

Compensation: $205,000–$275,000 + Equity

Company

A fast-growing generative AI startup focused on streamlining healthcare revenue cycle operations and documentation.

What you will do

  • Perform secure code reviews, threat modeling, and security design reviews for features and services.
  • Implement and automate security tooling (SAST, DAST, SCA, container scanning) within CI/CD pipelines.
  • Triage and validate security vulnerabilities from automated tools, penetration tests, and bug bounty programs.
  • Partner directly with engineering teams to drive remediation of security findings.
  • Support compliance initiatives, specifically HIPAA and SOC 2, regarding application and data security.
  • Contribute to developer training and maintain security guidelines based on the internal codebase.

Requirements

  • Must have 5+ years of experience in application security.
  • Proven experience writing and reviewing production-grade code in languages like Python, Go, Java, or TypeScript.
  • Working knowledge of OWASP Top 10, common vulnerability classes, and remediation strategies.
  • Hands-on experience with threat modeling and security tooling in CI/CD environments.
  • Familiarity with cloud security (AWS) and containerization/Kubernetes security.
  • Solid understanding of authentication standards (OAuth 2.0, OIDC, SAML) and API security (REST, GraphQL).

Nice to have

  • Experience in healthcare or health-tech, including HIPAA Security Rule compliance.
  • Exposure to compliance frameworks such as SOC 2 Type II or HITRUST.
  • Industry certifications like OSCP, CSSLP, or CEH.

Culture & Benefits

  • Comprehensive health, dental, and vision coverage with 100% free options available.
  • Employer contributions to Health Savings Accounts (HSA) and 401(k) plan.
  • Flexible Paid Time Off (PTO) policy and generous parental leave.
  • Home office stipend and monthly cell/internet reimbursement.
  • Mission-driven environment working with national-level health systems.
  • Supportive engineering culture that values security as a core development principle.