Senior Security Engineer, Apps (San Francisco) Job at Hinge Health, San Francisco, CA

  • Hinge Health
  • San Francisco, CA

Job Description

About The Role

We're looking for a detail-oriented, technically skilled engineer to join our Application Security team. This role offers opportunities to influence the group's growth and direction while integrating security within the entire Software Development Life Cycle (SDLC).

Security Engineers will collaborate with Product and Engineering teams to embed security into all phases of the SDLC from feature design and implementation to deployment. They also establish and evaluate authentication, authorization, and privacy controls for B2C, B2B and M2M entity types and use cases.

They will identify, prioritize, and remediate vulnerabilities found through internal and third-party penetration testing and through SCA, SAST, and DAST scanning. They will also deploy, maintain, and tune the tools used to perform this testing.

Security Engineers serve as subject matter experts on authentication and authorization security, partnering with product and engineering teams to implement security and privacy best practices for healthcare applications.

The ideal candidate will have experience securing, hardening, and identifying vulnerabilities in web applications, RESTful and GraphQL APIs, and mobile applications (iOS and Android) in a cloud hosted microservice environment.

The ideal candidate will also have experience risk-assessing the results of automated SCA, SAST, and DAST scans to validate severity before assigning findings to engineers for remediation.

They may also have experience in securing Generative AI LLM services, including, but not limited to security guardrails to prevent jailbreaks, sensitive information disclosure, data/model poisoning, and safety guardrail verification and testing.

What You'll Accomplish

  • Implement and maintain automated security scanning tools (SCA, SAST, DAST) and perform manual and AI assisted security assessments including source code review to identify and remediate vulnerabilities in Hinge Health web applications, mobile applications and API endpoints.
  • Enable the product teams to create secure by design product features and services by working alongside product managers and engineers during the design phase of projects including Generative AI projects.
  • Assist with third party security assessments and penetration tests of Hinge Health web applications, API endpoints, and mobile applications, including interpretation of results and verification of remediations.
  • Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards.

Basic Qualifications

  • 3+ years of experience in application security, product security, or related security engineering roles.
  • Experience securing web applications, mobile applications (iOS/Android), or API endpoints.
  • Experience with automated security testing, including configuring and automating security scans as part of the CI/CD process, and interpreting the results and working directly with engineers on prioritization and remediation.
  • Experience in examining source code in multiple languages to evaluate security controls and identifying common coding and design vulnerabilities. Experience with OWASP Top 10 and other common security flaw patterns.
  • Demonstrated ability to collaborate with engineering and product teams to address security concerns.

Preferred Qualifications

  • Experience securing healthcare applications, including protecting ePHI and meeting HIPAA/HITECH regulatory requirements.
  • Experience with modern authentication and authorization technologies including OAuth 2.0, OIDC, SAML, JWT validation, SSO integrations, MFA/OTP implementations, API tokens, and identity platforms such as Auth0 or Okta. Understanding of session management, refresh tokens, and secure authentication flows for B2C, B2B, and M2M use cases.
  • Experience assessing the security and safety of Generative AI LLM solutions and in evaluating and implementing solutions for their continuous monitoring.
  • Familiarity with HITRUST CSF and NIST control frameworks.
  • Experience in Threat Modeling.
  • Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth.
  • Experience with any of the following: deploying web-based services on AWS infrastructure, Kubernetes, TypeScript, React Native, Python, Go, Ruby on Rails, GraphQL, or IaC using Terraform.
  • Incident Handling: Be able to work as a subject matter expert in the security controls, internal communications, and infrastructure of Hinge Health applications during security incidents.

Compensation

This position will have an annual salary, plus equity and benefits. Please note the annual salary range is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. The annual salary range for this position is $192,000 - $230,400.

About Hinge Health

Hinge Health leverages software, including AI, to largely automate care for joint and muscle health, delivering an outstanding member experience, improved member outcomes, and cost reductions for its clients. The company has designed its platform to address a broad spectrum of MSK care, from acute injury, to chronic pain, to post-surgical rehabilitation, and the platform can help to ease members' pain, improve their function, and reduce their need for surgeries, all while driving health equity by allowing members to engage in their exercise therapy sessions from anywhere. The company is headquartered in San Francisco, California.


What You'll Love About Us

  • Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live.
  • Planning for the future: Start saving for the future with our traditional or Roth 401(k) retirement plan options, which include a 2% company match.
  • Modern life stipends: Manage your own learning and development.

Culture & Engagement

Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state, or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter.

By submitting your application you are acknowledging we are using your personal data as outlined in the personnel and candidate privacy policy.
