Senior Application Security Engineer
Our Mission
Zocdoc is the tech company at the beginning of a better healthcare experience. Every day, we are driven by our mission to give power to the patient, building products and services that simplify and streamline the overall healthcare journey for patients and providers, delivering the modern healthcare experience they expect and deserve.
Healthcare moves slow. We move fast. Patients deserve speed and convenience.
Your Impact on our Mission
Zocdoc’s most important asset is our people. Join Zocdoc as a Senior Application Security Engineer to help provide better care to patients and build a better healthcare experience! As a Senior Application Security Engineer, you’ll play a meaningful role working with the product and technology teams to incorporate security into the application development lifecycle.
You’ll enjoy this role if you are…
- Personally motivated by participating in development teams’ tech specifications and code reviews, with an emphasis on security in code and design patterns
- Passionate about taking initiative to drive internal security and privacy initiatives
- Motivated by building secure products that make healthcare easier
- A subject matter expert on secure design and coding practices
Your day to day is…
- Assessing Zocdoc’s application threat landscape through architecture reviews, threat modeling, and data investigations
- Performing validation of security controls to ensure adherence with industry best practices
- Evaluating and operationalizing security tools by integrating with the development environment and commit/build pipelines
- Reviewing security test results from vulnerability scans and penetration testing, and proposing appropriate remediation or mitigation controls
- Participating in incident response and analysis
- Helping with HITRUST and SOC audits
You’ll be successful in this role if you have…
- Meaningful (4-7 years) experience in Engineering with at least a few years in a Security Engineer role
- Hands-on experience responding to security incidents
- Strong investigative skills, including expertise in SQL to conduct analysis
- Passion for identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- A fundamental understanding of security frameworks like NIST CSF
- Experience with running Application and Security assessment tools
- Experience working with AWS or other cloud environments
- Experience with at least one (1) common programming or scripting language such as Perl, Python, Ruby, Java, PHP, etc., with code review experience
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Understanding of Vulnerability Management and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
- CISSP and OSCP are preferred
Benefits
- Unlimited PTO
- 100% paid employee health benefit options
- Competitive parental leave
- Catered lunch every day along with snacks (in office)
- Cell phone reimbursement
- Convenient Soho location
About us
Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. Each month, millions of patients use our free service to find nearby, in-network providers, compare choices based on verified patient reviews, and instantly book in-person or video visits online. Providers participate in Zocdoc’s Marketplace to reach new patients to grow their practice, fill their last-minute openings, and deliver a better healthcare experience. Founded in 2007 with a mission to give power to the patient, our work each day in pursuit of that mission is guided by our six core values. Zocdoc is a private company backed by some of the world’s leading investors, and we believe we’re still only scratching the surface of what we plan to accomplish.
Zocdoc is a mission-driven organization dedicated to building teams as diverse as the patients and providers we aim to serve. In the spirit of one of our core values - Together, Not Alone, we are a company that prides itself on being highly collaborative, and we believe that diverse perspectives, experiences and contributors make our community and our platform better. We’re an equal opportunity employer committed to providing employees with a work environment free of discrimination and harassment. Applicants are considered for employment regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity, gender expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or any other class protected by applicable laws.