Application Security Engineer

SimplePractice

Job Location:

Santa Monica, CA - USA

Yearly Salary: $115,000 - $145,000
Posted on: 21 hours ago
Vacancies: 1 Vacancy

Job Summary

About Us

At SimplePractice, we are improving access to quality care by equipping health and wellness clinicians with all the tools they need to thrive in private practice.

More than 250,000 providers trust SimplePractice to build their business through our industry-leading software, with powerful tools that simplify every part of practice management. From admin work to clinical care, our suite of innovative solutions works together to reduce administrative burden, empowering solo and small group practitioners to thrive alongside their clients.

Recognized by MedTech Breakthrough as the Best Practice Management Solution Provider in 2024 and the Digital Health Awards in 2023, SimplePractice is proud to pave the future of health tech.

The Role

SimplePractice is a leading practice management platform for health & wellness professionals. We are dedicated to empowering practitioners to run their businesses more efficiently and securely. We are seeking a hands-on Application Security Engineer who will play a pivotal role in enhancing and safeguarding our this role you will be a hands-on builder and implementer, working closely with our innovative product and engineering teams to integrate robust security practices into the entire software development lifecycle (SDLC). You will actively contribute to building and scaling our application security program, mitigating risks, ensuring compliance with healthcare regulations, and advancing our mission of securely empowering health & wellness professionals.

You've been a hands-on, security-focused engineer with a deep understanding of application vulnerabilities and defensive coding practices. You've built your knowledge and are eager to partner directly with engineering teams to embed security from the start. You bring full stack skills that can help develop and implement security controls, tools, and processes to scale our application security capabilities.

Responsibilities

Applied AI Security Engineering:

  • Design, build, and implement secure solutions and automation to embed security testing and controls within the SDLC, serving as a hands-on expert in secure development practices.
  • Partner with engineering teams to move from reactive security fixes to proactive embedded security in their development workflows.
  • Collaborate with product and engineering teams to perform security reviews, threat modeling, and design reviews for new features and architectural changes.
  • Actively develop and contribute code to internal security tools, security testing frameworks (e.g. SAST, DAST, SCA), and defensive libraries to proactively identify and address vulnerabilities.
  • Lead incident response for application-related security events, focusing on root cause analysis and implementing preventative controls.
  • Integrate security capabilities directly into CI/CD pipelines and engineering workflows to automate vulnerability detection and remediation.

AI Security Architecture & Strategy:

  • Design and implement security architecture for web applications, APIs, and microservices, ensuring security by design.
  • Develop secure coding standards, security patterns, and reusable components for application development and deployment.
  • Conduct threat modeling across the application portfolio to identify and prioritize risks.
  • Establish and maintain security controls for development, staging, and production environments.
  • Translate application security strategies into actionable development plans and prototypes.

Vendor & Technology Assessment:

  • Evaluate third-party components, libraries, and SaaS providers for security compliance and data protection.
  • Assess emerging application security tools and technologies.
  • Review cloud-based services and configurations for compliance and security posture.

Risk Management & Compliance:

  • Partner with legal and compliance teams to ensure application security initiatives meet regulatory (e.g. HIPAA, HITECH) and contractual requirements.
  • Implement and monitor controls for data privacy, integrity, and access management within the application layer.
  • Develop metrics and reporting for the application security posture across engineering teams.
  • Liaise with customers and auditors on SimplePractice's approach to application security and compliance.
  • Leverage automation to operationalize security and compliance workflows, continuously monitoring and improving our security posture.

Desired Skills & Experience

  • 5 years of experience in information security with recent focus on application security, secure SDLC, and partnership with engineering.
  • Proven hands-on experience in designing, developing, and deploying security controls and automation, including expertise in code review, vulnerability remediation, and security testing.
  • Strong background in security architecture and threat modeling for modern web applications and APIs.
  • Strong bias towards automating security tasks and processes to scale the program.
  • Demonstrated experience in implementing security controls within a regulated environment (e.g. healthcare, finance) with a strong emphasis on practical application and automation.
  • Degree in Computer Science, Cybersecurity, or a related field.
  • Demonstrated experience with serverless cloud technologies (e.g. Lambda, Cloud Run) and/or containerization and orchestration (e.g. Docker, Kubernetes).
  • Strong software development background with proficiency in Ruby, Python, Rust, Go, or similar languages, including experience with DevSecOps practices and tools such as Terraform, Git, and CI/CD pipelines.
  • Understanding of healthcare compliance (HIPAA, HITECH) is highly desirable.
  • Excellent analytical, problem-solving, and communication skills, especially the ability to explain security risks to engineering partners.
  • Ability to work independently to learn new technologies, processes, and frameworks.

Bonus Points

  • A hands-on security certification (SANS, OSCP, CSSLP, etc.).
  • Experience in healthcare or medical device security.
  • Experience contributing to open-source security projects or developing internal application security tools/frameworks.
  • Familiarity with security automation and orchestration platforms (e.g. SOAR) and their integration with application security tools.

This role offers an exciting opportunity to shape the future of application security in healthcare. The successful candidate will play a crucial role in ensuring the safe and compliant operation of our platform, protecting sensitive client data, and maintaining the integrity of our healthcare systems through strong partnerships with our engineering organization.

Base Compensation Range

$115,000 - $145,000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we'll consider many factors, including but not limited to skills, experience, qualifications, geographic location, and other job-related factors.

Benefits

We offer a competitive benefits program including:

  • Medical, dental, vision, life & disability insurance
  • 401(k) plan with company match
  • Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
  • Mental health resources
  • Paid parental leave & Backup Care
  • Tuition reimbursement
  • Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC ("SimplePractice" or "us" or "we" or "our"). Please note that when you submit your resume or application materials to us for employment purposes, you are subject to the SimplePractice California Job Applicant Privacy Notice.

For more information about our privacy practices please contact us at.

Key Skills

  • Children Activity
  • EAM
  • Engineering Support
  • Maintenance Engineering
  • Accident Investigation
  • Branding

About Company

Get the #1 HIPAA-compliant EHR and practice management software. Join 225,000+ therapists, health & wellness professionals. Start your free trial today.
