Zocdoc is the tech company at the beginning of a better healthcare experience. Every day, we are driven by our mission to give power to the patient, building products and services that simplify and streamline the overall healthcare journey for patients and providers, delivering the modern healthcare experience they expect and deserve.
Healthcare moves slow. We move fast. Patients deserve speed and convenience.
The safety and health of our employees is our top priority. As such we will not require our teams to return to the offices until Labor Day 2021. Click here to read more about this decision from Zocdoc's founder and CEO, Oliver Kharraz.
About the Role
Join Zocdoc as a Senior Application Security Engineer to help provide better care to patients and build a better health care experience! As a Senior Application Security Engineer, you will work with the product and technology teams to incorporate security into the application development lifecycle.
What You’ll Do
- Assess Zocdoc’s application threat landscape through architecture reviews, threat modeling, and data investigations
- Participate in development teams’ tech specifications and code reviews, with an emphasis on security for code and design patterns
- Perform validation of security controls to ensure adherence with industry best practices
- Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
- Review security test results from vulnerability scans and penetration testing, and propose appropriate remediation or mitigation controls
- Take initiative in driving internal security and privacy initiatives
- Participate in incident response and analysis
- Help with HITRUST and SOC audits
- 4 to 7 years of relevant experience in Engineering with at least a few years in a Security Engineer role
- Hands-on experience responding to security incidents
- Strong investigative skills, including expertise in SQL to conduct analysis
- Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- Strong understanding of security frameworks like NIST CSF
- Subject matter expertise on secure design & coding practices
- Experience with running Application and Security assessment tools
- Experience working with AWS or other cloud environments
- Experience with at least one (1) common programming or scripting language such as Perl, Python, Ruby, Java, PHP, etc., with code review experience
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Understanding of Vulnerability Management and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
- CISSP and OSCP are preferred
- Competitive PTO
- 100% covered health care for employees
- Parental leave
- Catered lunch every day along with snacks
- Discounted gym memberships
- Cell Phone reimbursement
- Commuter Benefits
- Convenient Soho location
- Team outings to celebrate goals
Of course, your healthcare experience probably isn’t perfect yet. But no matter what, we’ll continue to put the patient’s needs first. We simply believe there’s no better way to deliver the great healthcare experience we all deserve. We created Zocdoc to solve patient problems, beginning with online appointment-booking – and we haven’t stopped building since. With Zocdoc, you can see doctors’ open appointment times and book instantly online, make informed choices with verified reviews, and stay on top of important checkups with tailored reminders.