Senior Application Security Engineer

Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

Senior Application Security Engineer

Alma is seeking a mission-driven Senior Application Security Engineer to join our team. We are dedicated to building secure and compliant tools and services which help mental healthcare providers more easily manage and grow their practice. In this role, you will help validate that our services, applications and web technologies are designed and implemented in a way that meets Alma’s security standards. You will help analyze, discover, and address security issues across our technical platform.

On this scaling team, you will have a strong hand in defining how Alma's engineering team approaches application security in the software development process. The ideal person for this role loves to work with other teams to design and build amazing security controls and automation.

What you’ll do:

• Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
• Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it.
• Provide subject matter expertise in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed.
• Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture.
• Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions.
• Continually research current and emerging security threats and technologies and develop the appropriate technical solutions with the latest security tools to mitigate threats and security vulnerabilities as well as automate repeatable activities and propose impactful changes and guidance to all of these areas.
• Build and provide high-quality application security documentation and educate and train Alma engineers on information system security best practices.
• Mature and execute the Threat Modeling program with engineers.
• Implement, manage, and maintain application security tools such as a WAF, SAST, and DAST scanners and own the workflow for remediation of findings.

Who you are:

• You have 4-7 years of experience working in an application security role, including familiarity with common security libraries and tools, and an expert knowledge of web application protocols.
• You strongly understand security best practices for the development lifecycle (SDLC).
• You have deep technical knowledge of Content Security Policies (CSP) and how to implement them.
• You have expert understanding of application security testing tools like OWASP ZAP and Burpsuite.
• You have experience writing code and scripts for application security testing.
• You have expert understanding of the OWASP Top 10 and other application attacks.
• You have experience installing and running a local developer environment for local testing of code.
• You have deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security.
• You have personally implemented/managed SAST and DAST tools such as StackHawk and Snyk.
• You have experience identifying security issues through threat modeling and code reviews.
• You have experience building and maintaining security systems that can scale, with high levels of automation while fully owning projects from inception to completion.
• You have strong communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely.
• You enjoy user-centered software development and actively work closely with a team of engineers, designers, and product managers.

Benefits:

• We’re a remote-first company
• Health insurance plans through Cigna (medical and dental) and MetLife (vision), including FSA and HSA plans
  401K plan (Roth and traditional)
• Monthly therapy and wellness stipends
• Monthly co-working space membership stipend
• Monthly work-from-home stipend
• Financial wellness benefits through Northstar
• Pet discount program through United Pet Care
• Financial perks and rewards through BenefitHub
• EAP access through Cigna
• One-time home office stipend to set up your home office
• Comprehensive parental leave plans
• 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
• Flexible PTO

Salary Band: $145,000 - $175,000

Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.

All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.