[Remote] Security Engineer
Note: This is a remote job open to candidates in the USA. First Stop Health is on a mission to deliver affordable, delightful healthcare for all by providing connected, whole-person virtual care. They are seeking a Security Engineer to design, implement, and maintain security controls and practices across the organization, working closely with various teams to strengthen security posture and support secure business operations.
Responsibilities
- Lead application security initiatives including architecture reviews, threat modeling, code reviews, and penetration testing coordination
- Integrate security controls and testing into the SDLC and CI/CD pipelines
- Partner with development teams to remediate vulnerabilities and improve secure coding practices
- Champion secure design principles across web, mobile, API, and cloud-native applications
- Support implementation and operation of security testing tools including SAST, DAST, SCA, and secrets detection
- Perform and facilitate threat modeling exercises with development teams to identify potential attack vectors and prioritize risks
- Conduct risk assessments and provide actionable guidance to reduce application-level security risk
- Communicate risk findings clearly, balancing technical detail with business impact
- Design, implement, and maintain security controls across cloud, infrastructure, applications, and enterprise systems
- Participate in security architecture reviews and provide recommendations for risk reduction
- Evaluate and implement security technologies that improve organizational security posture
- Support identity and access management initiatives, including authentication, authorization, and privileged access controls
- Assess cloud environments for security risks and recommend remediation strategies
- Support cloud security initiatives including identity management, logging, monitoring, network security, and workload protection
- Identify, assess, prioritize, and track remediation of security vulnerabilities across applications, cloud environments, endpoints, and infrastructure
- Partner with system owners and engineering teams to ensure timely remediation of identified risks
- Assist with security investigations, incident response activities, and post-incident reviews
- Collaborate with security operations personnel to improve detection and response capabilities
- Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing
- Perform and oversee code reviews to identify security vulnerabilities and design flaws
- Lead and coordinate penetration testing engagements, including scoping, execution, remediation validation, and reporting
- Serve as a trusted security advisor to internal teams, providing expert guidance on secure design, implementation, and remediation
- Develop and deliver security training and awareness content for developers and technical stakeholders
- Contribute to security documentation, standards, and internal knowledge bases
- Monitor relevant threat intelligence sources related to application and software supply chain risks
- Analyze emerging threats and vulnerabilities and communicate relevant findings to the Information Security team and other stakeholders
- Recommend enhancements to application security controls and practices based on evolving threats and industry trends
Skills
- 5-8 years of experience in cybersecurity, information security, cloud security, application security, infrastructure engineering, or related technical disciplines
- Strong understanding of security principles across applications, cloud platforms, infrastructure, networks, and enterprise systems
- Strong experience performing security assessments and risk evaluations across applications, cloud platforms, and infrastructure
- Knowledge of security frameworks and standards such as NIST CSF, CIS Controls, OWASP, ISO 27001, and HIPAA
- Experience with vulnerability management and remediation processes
- Familiarity with security monitoring, incident response, and threat detection concepts
- Experience working in AWS and Azure environments
- Strong understanding of authentication, authorization, encryption, and identity management concepts
- Excellent communication and stakeholder management skills
- Bachelor's degree or equivalent practical experience
- Strong application security experience including threat modeling, secure code review, penetration testing coordination, and secure SDLC practices
- Experience with SAST, DAST, SCA, container security, and software supply chain security tools
- Familiarity with DevSecOps practices and CI/CD security integrations
- Experience with security tooling such as SIEM, EDR, CSPM, IAM, and vulnerability management platforms
- Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP), etc.
Benefits
- First Stop Health offers a comprehensive benefits package that includes various health and medical coverage options, dental and vision coverage, disability and life coverage, making healthcare easily accessible.
- For those who choose to waive medical coverage, a monthly medical waiver allowance will be provided.
- First Stop Health offers a remote-first work environment and flexible paid time off, including Summer Fridays.
- The employer match 401k plan and monthly phone stipend demonstrate the company's commitment to employee financial well-being.
- The First Stop Health membership benefit is another added perk for employees and provides our virtual care solutions -- Urgent Care, Mental Health, and Primary Care -- from their very first day!
Company Overview