Application Security Engineer

Linus Health · Remote

Company

Linus Health

Location

Remote

Type

Full Time

Job Description

Linus Health is a Boston-based digital health company focused on transforming brain health for people across the world. By advancing how we detect and address cognitive and brain disorders – leveraging cutting-edge neuroscience, clinical expertise, and artificial intelligence – our goal is to enable a future where people can live longer, happier, and healthier lives with better brain health.

We are a team of 95+ (and growing!), embarking on an exciting period of accelerated growth. We invite collaborative, self-driven and impact-oriented professionals to join our dynamic and fast-growing team.

Please note that in order to be considered for the role, you must be located in the US or Canada. Unfortunately, due to the job requirements, we are not able to consider anyone currently located in CO. We are also not able to provide sponsorship at this time.

What You’ll Do:

  • Conduct regular security assessments of our apps and architecture through penetration tests, vulnerability scans, threat modeling, and manual inspection.
  • Provide security guidance on web and mobile applications backed by a GraphQL microservices architecture hosted in AWS.
  • Analyze, assess, and respond to discovered vulnerabilities.
  • Review automated code analysis results and perform manual code reviews to identify critical security areas to focus on.
  • Provide advice and consultancy to developers to resolve security findings and drive security compliance.
  • Establish policies and procedures for ensuring code security including testing frameworks integrated into CI/CD pipelines.
  • Drive internal security and privacy initiatives including documenting and communicating policies for compliance.
  • Participate in SOC2, regulatory, and other compliance audits.

About You

Must Haves:

  • B.S. in Computer Science or equivalent software engineering experience, especially familiarity with secure architecture and programming for TypeScript, JavaScript, Node.js, and mobile native (iOS or Android) applications.
  • Effective understanding of security industry best practices such as protocols, cryptography, authentication, authorization, and secure application programming.
  • Experience with implementing a successful and effective secure SDLC program with a high level of automation covering Application Security (web and mobile applications), Cloud Security, and Risk and Compliance.
  • Experience with code scanning procedures such as SCA, SAST, DAST, and related frameworks/tools such as OWASP, Veracode or Black Duck.
  • Experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudTrail, and IAM for regulations such as HIPAA, SOX, GDPR, PCI, and global security mandates.
  • Familiarity with security considerations and configurations for production apps including isolating and securing environments using network configurations, IAM roles, security groups, bastion hosts or Amazon WorkSpaces, and firewall setups.

Nice to Haves:

  • Experience using pen testing tools (Kali Linux, Burp Suite, Nmap, Metasploit, etc.)
  • Experience using and applying security policies for Terraform (IaC) code controlling production infrastructure.
  • Experience training developers in various aspects of security to include secure coding, security requirements, static/dynamic security tools, etc.

What We Offer:

  • As a health and wellness company, an opportunity to have a lasting impact on the way people and communities engage with brain and mental health, and even to affect the prognoses of people’s mental and brain health trajectory
  • A mission driven environment where all 95+ employees strive to exemplify our core values every day
  • Competitive compensation packages that include an annual discretionary target bonus incentive as well as valuable equity for full time employees
  • Unlimited PTO -- We know this can work both ways, however our leadership team does an excellent job at encouraging people to take PTO
  • A sincere and deep appreciation for the importance of mental health: We have recently implemented a “monthly flex day” where employees are encouraged to take time away from work to rest, recharge & reset.
  • A peer-to-peer recognition program: Celebrating our employees’ hard work and success is in our DNA!
  • Employee Referral Incentive program
  • A robust healthcare package that includes medical, dental & vision benefits as well as a 401(k) program where Linus will match up to 6% of employee contributions
  • Compensation - Target base of 140-160K, 7.5% bonus + equity

Linus Health is an equal opportunity employer. All qualified candidates will receive consideration for employment without regard to race, religion, color, national origin, sexual orientation, gender, gender identity or expression, age, genetic information, disability or any characteristic protected by law. We believe that diversity is critical to the growth of our company and understand the importance of fostering an environment where everyone has a voice. We are also committed to providing reasonable accommodations for candidates with disabilities during the recruiting process. If you are in need of assistance due to a disability, please contact us.

Date Posted

11/04/2022
