Senior Application Security Engineer

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

At Tempus, the Application Security team’s goal is to measure our security posture, scale security risk, and provide secure-by-default approaches to engineering and product teams. This is accomplished by enabling the programmatic detection of application risks, performing code reviews of key components, and developing blessed patterns to code, build, and deploy securely. 

We’re looking for a Senior Application Security Engineer to help drive a security culture and champion application security initiatives at Tempus.

• Supporting and consulting with engineering and product teams in the area of application security by identifying and creating design patterns that are secure by default. Also leading threat modeling and other security assessments to help teams balance security risk vs. product needs. Guide and advise product development teams as SMEs in the area of application security.
• Assist in creation of and help lead Tempus-wide application security initiatives and being an active member in developing the application security program at Tempus.
• Evolving application security vulnerability management and supporting the vulnerability disclosure program.
• Develop security training and socialize the material with internal development teams.
• Researching and providing context for novel web security issues against Tempus’ products. As well as Leading the development of automated security testing to validate secure coding best practices are being followed.
• Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
• Scaling application security through automation and practical implementations.
• Being a mentor to other members of the team
• Assist with recruiting activities and administrative work.
• Support and evolve the vulnerability disclosure program.

• Five+ years experience in application security
• Great communication skills; You should be able to explain risks to an audience of engineers and  product managers or leadership. Be able to write documentation that is understandable for entry level engineers.
• Ability to assess vulnerabilities to determine security risk.
• Easily identify risky code patterns in JavaScript, TypeScript, or Python. Be able to research patterns in other languages.
• Strong understanding of modern web technologies, their downsides, and how best to secure them.
• Strong understanding of what a good, mature, application security program should look like.
• Ability to use GitHub.
• Understand how applications are developed, be able to write scripts to automate manual processes. Know where to add security in a DevOps pipeline.
• Experience working closely with developers.

We're on a mission to connect an entire ecosystem to redefine how genomic data is used in clinical settings. We're looking for software engineers who are passionate about changing the status quo and bringing cancer care into the 21st century.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.