Senior Application Security Engineer
Our mission is to serve cancer patients and our customers by dramatically improving treatment and accelerating research. Our team is building a disruptive, oncology-specific software platform that connects cancer centers across the world on a common technology infrastructure to address key healthcare challenges.
Today, the Flatiron Health OncologyCloud™ platform includes the industry-leading electronic medical record for oncology, a first-of-its-kind analytics tool, patient portal, and integrated billing management. Our goal is to help cancer centers and life science companies leverage real-world oncology data at a scale and clinical depth never before seen, to advance cancer care and accelerate research.
Our security team embodies a collaborative, efficient, and flexible working environment. While responsibilities are clearly defined, we share a common purpose and goal: employing all measures to protect against threats to our business, because our technology governs the treatment of millions of cancer patients. For us, application security is way more than just code reviews and penetration testing. It's about the complete development workflows, defining a security culture, and advocating for security features (like 2FA) in systems. We are always looking for new ideas and trying to make sure the best ideas rise to the top of the heap. We focus on results and not just debate, in fact we are often architects, designers and engineers, not just advisors.
- See our architectures, read our code, break the apps, and find the problems before the bad guys do (through penetration testing, ethical hacking, etc.).
- Build frameworks, APIs, processes, and whatever else is necessary to keep our web applications secure.
- Stay on the leading edge of security research and make sure the company responds to new things quickly.
- Build application security champions. Teach engineers how to code secure.
- Own the responsibility of securing our products!
- Have a strong foundation in and in-depth technical knowledge of application security, particularly web application security.
- Sympathize with the complexity of being a developer and want to help make writing secure code easier.
- Can read code like a book, and write enough code to get by (our tech stack is a diverse set of technologies running across both Windows and Unix platforms in the cloud).
- Able to deal with the ambiguity associated with working in a fast paced and changing environment; self motivated and results oriented.
- Have at least 2 years relevant work experience.
- Have excellent interpersonal communication skills.