Senior Application Security Engineer
Our mission: to eliminate every barrier to mental health.
Spring Health is a comprehensive mental health solution for employers and health plans. Unlike any other solution, we use clinically validated technology called Precision Mental Healthcare to pinpoint and deliver exactly what will work for each person — whether that’s meditation, coaching, therapy, medication, and beyond.
Today, Spring Health equips over 800 companies, from start-ups to multinational Fortune 500 corporations, as a leading and preferred mental health service. Companies like J.P. Morgan Chase & Co., Microsoft, J.B. Hunt, Bumble, and Instacart use the Spring Health platform to provide mental health services to thousands of their team members globally. We have raised over $370 million from prominent investors including Kinnevik, Tiger Global, Northzone, RRE Ventures, and many more. Thanks to their partnership, our current valuation has reached $2.5 billion.
- Improve security throughout systems/solutions selection, implementation, operation, and the full lifecycle of the service.
- Create detailed process management workflows to ensure security engineering activities are tracked, processes reviewed, policies are followed, and audit requirements are met.
- Assist peer teams in securing applications, business software and services, and infrastructure.
- Participate in new solution requirements gathering and design development.
- Assist with development, review, and execution of test plans to ensure effectiveness of security controls.
- Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
- Assist with the secure integration of cloud applications and infrastructure.
- Develop and maintain technical support/knowledge base.
- Develop Service Level Agreements to set expectations and measure performance.
- Be a member of the Incident Response Team.
- Other duties as assigned. Management reserves the right to assign or reassign duties and responsibilities at any time.
- You are a dedicated, highly organized and motivated person who is passionate about technology and security.
- You are inquisitive, have a can-do attitude and a remarkable positive track record for figuring things out and getting things done.
- You work well within a team but also individually and with little direction.
- You can communicate effectively in both written and oral forms to technical and non-technical audiences.
- You can work under deadlines in a fast-paced environment.
- Experience implementing controls against various frameworks such as NIST CSF, HIPAA, HITRUST, ISO-27001 and SOC-2.
- Strong hands-on working knowledge about modern web application architecture and how to secure it (OWASP, SANS Top 25).
- Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom built tooling.
- Experience performing code audits on internal and open source libraries for inclusion in our products.
- Experience with DAST, SAST, as well as manual testing techniques.
- Experience with IaaS cloud infrastructure, container technologies, and software-oriented architecture.
- Experience building security tools and automation in languages such as Go, JavaScript, Python, or Ruby.
- Bachelor’s degree in Computer Science, Engineering, MIS, or IT, or related coursework and/or equivalent work experience.
- Minimum of 5 years of professional or technical experience in IT with a strong background in all aspects of security tools administration and incident response.
- Must have certification, training, or educational equivalent in at least one of the following: security fundamentals, incident response, ethical hacking, or cloud security.
- Within 18 months of hire, expected to acquire additional certifications or training as necessary (company-sponsored).
- Experience with managing bug bounty programs.
- PenTesting focused certifications.
- 4+ years of demonstrated hands-on experience configuring and implementing multiple cloud-based security tools (e.g. SIEMs, EDR, UBA, PAM, IAM, MFA, DLP, etc.).
- 4+ years of demonstrated hands-on experience developing, implementing, and supporting application security services consumed by product teams across cloud-based infrastructure (AWS, Azure, Google Cloud).
Hypergrowth meets impact
- You will be held accountable to an exceptionally high bar and impact
- This may be the fastest work environment you will ever experience in terms of growth, decision-making, and time to impact
- You will be challenged to set and protect your own boundaries
- You will create processes & products that have never existed before
- You will have very direct conversations and receive continuous feedback to push you to become the highest performer you can be
- Change is a constant here: your role, team, responsibilities, and success metrics will shift as the company grows
- You get to be surrounded by some of the brightest minds in the field
- You get to learn and grow at an extremely accelerated pace
- You will experience transparency, integrity, & humility from leadership
- You will be empowered to constantly challenge the status quo
- You get the space to experiment & innovate
- You get to make a transformational impact for the company, mental health, and for real human lives — and you will see that impact quickly
- You will become more resourceful and resilient
- You get to be part of a winning team that opens doors in the future
Benefits provided by Spring Health:
- Generous medical, dental, vision coverage available day 1 + access to One Medical
- 20 total yearly no-cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents
- Flexible paid time off in addition to 12 paid holidays throughout the year
- $500 per year Wellness Reimbursement
- Spring Health provides access to QuitGenius, a platform with technology-tailored, personalized addiction treatment plans for substance use (*QG is available to benefit-enrolled employees, spouses, and dependents age 18+)
- 4-4.5 months of fully paid parental leave
- Spring Health provides team members and their families with sponsored access to Bright Horizons® child care, back-up care, and elder care.
- Access to Joshin is provided by Spring Health. Joshin is a comprehensive support system for disabilities and neurodivergence in the workplace. This benefit supports employees, their families, and our teams through personalized navigation and disability education and training along with a network of screened in-home caregivers with disability and neurodivergent experience.
- Our People team benchmarks all salaries using the Radford Global Compensation Database for technology and life sciences industries. Radford benchmarks salaries with 3,589 global firms, 6.5 million employees, and 98 countries across the globe. We do this to ensure all of our team members are paid equally and competitively.
- On top of competitive and benchmarked salary, Spring Health offers incentive pay (based on role), and equity that begins vesting as we celebrate your first year with the company!
- Employer sponsored 401(k) match of up to 2% after 90 days of employment
- Flexible work arrangements: 60% of Spring Health team members work fully remote while 40% work in a hybrid model from our New York City offices
- Calm Fridays: no meetings, no distractions, just time for you to get work done.
- Up to $1,000 Professional Development Reimbursement per calendar year. Any requests over $250 must be requested for pre-approval prior to enrollment by sending an email to the People Team.
- $200 per year donation matching to support your favorite causes