← all jobs

[Remote] Security Engineer — Application Security & Identity

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Real Chemistry is a global agency focused on transforming healthcare through scientific expertise and AI-driven insights. The Security Engineer will own application security across multiple environments, define security controls, and collaborate with teams to ensure robust security practices are implemented.

Responsibilities

  • Conduct security reviews of Internally developed applications including:
  • Data flow validation
  • Security control design and implementation
  • Secrets handling
  • AI/LLM Data Loss Prevention (DLP)
  • Co-lead production readiness reviews for strictly governed environments:
  • Threat modeling
  • Hardening validation
  • Compliance mapping (SOC 2and contractual and regulatory requirements)
  • Define and enforce identity architecture:
  • Corporate identity: Entra ID
  • Workload identity: AWS IAM and GitHub OIDC
  • Define and manage GitHub native security controls:
  • GitHub Advanced Security (CodeQL / SAST)
  • Dependabot (dependency scanning)
  • Secret scanning
  • Branch protection and environment controls
  • Establish standards for security tooling:
  • SAST (CodeQL, Semgrep)
  • SCA (Dependabot, Snyk)
  • Container scanning (Trivy, ECR scanning)
  • Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
  • Define AWS security standards:
  • IAM design and least-privilege access
  • Logging and audit requirements
  • Secrets management and rotation
  • Scope and coordinate third-party penetration testing
  • Maintain audit logging maturity per environment requirements:
  • Baseline logging
  • User-level activity tracking
  • Tamper-evident audit trails with SIEM integration
  • Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk)
  • Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure
  • Define approved AI providers and usage boundaries
  • Establish prompt data classification and handling policies
  • Enforce human-in-the-loop requirements where appropriate
  • Define cost/spend guardrails for AI services

Skills

  • 5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be focused application security
  • Hands-on security experience with: AWS IAM, SAML / OIDC federation, GitHub security tooling
  • Experience with threat modeling and coordinating penetration testing
  • Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls
  • In-depth understanding of the risk lifecycle
  • Experience securing GitHub-based CI/CD pipelines
  • Experience in AWS native environments
  • Exposure to regulated industries (GxP, 21 CFR Part 11)
  • Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)
  • Associates degree or higher
  • Experience bringing low-code or AI-generated applications under enterprise security controls

Benefits

  • Free snacks to keep you running all day long
  • Generous holiday and paid time off
  • Options for private medical, dental, and vison plans
  • Support in saving for the future
  • Mental wellness coaching and support
  • Access to more than 13,000 online classes with LinkedIn Learning
  • Attendance in the office two days per week, either at a Real Chemistry office or onsite with clients for employees who are within an hour of one of our offices
  • Remote work with quarterly in-person collaboration, culture and learning opportunities for employees outside of office regions

Company Overview

  • Real Chemistry is a health innovation company dedicated to making the world a healthier place for everyone It was founded in 2001, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is https://www.realchemistry.com.
  • Company H1B Sponsorship

  • Real Chemistry has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2023. Please note that this does not guarantee sponsorship for this specific role.
  • More open positions

    [Remote] Senior Accountant

    Work from home Full-time role

    [Remote] Accounting Operations- 6 Month Contract (100% Remote US)

    Work from home Full-time role

    [Remote] DevOps Engineer — AWS and GitHub

    Work from home Full-time role

    [Remote] Senior Manager, Human Resources

    Work from home Full-time role

    [Remote] Senior AI Project Manager

    Work from home Full-time role

    Graduate Financial Analyst

    Work from home Full-time role

    [Remote] Sales Executive

    Work from home Full-time role

    Experienced Part-Time Amazon Customer Service Representative – Remote Work Opportunity

    Work from home Full-time role

    Senior Software Engineer, Core Experiences - Boston, MA, USA

    Work from home Full-time role

    Fullstack PHP (Laravel) - Vue

    Work from home Full-time role

    Independent Contractor SQF Auditor

    Work from home Full-time role

    Sales Support Specialist - AI Trainer - Freelance - 8-20 hrs/week - Remote

    Work from home Full-time role

    [Remote] Senior Accounting Technician

    Work from home Full-time role

    Senior Project Manager

    Work from home Full-time role

    Sr Manager, Change Management (remote)

    Work from home Full-time role

    Part-Time Remote Data Entry Specialist – Join careerzynith's Global Team

    Work from home Full-time role

    Operations Technology & Systems Engineer

    Work from home Full-time role

    Video Editor | Unseen (2026 - Updated)

    Work from home Full-time role

    Founding Government Account Executive

    Work from home Full-time role

    Information Security Manager

    Work from home Full-time role

    Sales Specialist (B2B)

    Work from home Full-time role