Senior Application Security Engineer at Zocdoc
Zocdoc is the tech company at the beginning of a better healthcare experience. Every day, we are driven by our mission to give power to the patient, building products and services that simplify and streamline the overall healthcare journey for patients and providers, delivering the modern healthcare experience they expect and deserve.
Healthcare moves slow. We move fast. Patients deserve speed and convenience.
About the Role
Join Zocdoc as a Senior Application Security Engineer to help provide better care to patients and build a better health care experience! As a Senior Application Security Engineer, you will work with the product and technology teams to incorporate security into the application development lifecycle.
What You’ll Do:
- Assess the application threat landscape through architecture reviews and threat modeling
- Perform validation of security controls to ensure adherence with industry best practices
- Evaluate and operationalize security tools by integrating with the development environment and commit/build pipelines
- Review security test results from vulnerability scans and penetration testing, and propose appropriate remediation or mitigation controls
- Take initiative in driving internal security and privacy initiatives
- Participate in incident response and analysis
- Help with HITRUST and SOC audits
- 4 to 7 years of relevant experience in an Information Security Engineer role
- Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- Subject matter expertise on secure design & coding practices
- Experience running application and security assessment tools
- Experience working with AWS or other cloud environments
- Experience with at least one (1) common programming or scripting language, such as Perl, Python, Ruby, Java, or PHP, with code review experience
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Understanding of Vulnerability Management and other general security testing principles with the ability to provide specific recommendations on how to fix vulnerabilities
- CISSP and OSCP are preferred
100% covered health care for employees
Catered lunch every day along with snacks
Discounted gym memberships
Cell phone reimbursement
Convenient Soho location
Team outings to celebrate goals
Of course, your healthcare experience probably isn’t perfect yet. But no matter what, we’ll continue to put the patient’s needs first. We simply believe there’s no better way to deliver the great healthcare experience we all deserve. We created Zocdoc to solve patient problems, beginning with online appointment-booking – and we haven’t stopped building since. With Zocdoc, you can see doctors’ open appointment times and book instantly online, make informed choices with verified reviews, and stay on top of important checkups with tailored reminders.