Application Security Engineer
Overview
We are looking for an Application Security Engineer to help secure Anomaly's products, platforms, and development lifecycle. In this role, you will partner closely with Engineering, Infrastructure, and Product teams to identify and mitigate security risks across our applications and cloud environments while enabling rapid product innovation. You will be responsible for embedding security into every stage of the software development lifecycle, helping engineers build secure systems by default.
This includes performing security reviews, threat modeling new features, improving detection and remediation processes, and developing scalable security tooling and automation. The Application Security Engineer reports to the Chief Technology Officer and works closely with engineering leadership to ensure our products and infrastructure meet the security expectations of healthcare providers, partners, and regulators. This position is ideal for someone who enjoys hands-on technical security work, thrives in a fast-moving startup environment, and wants to have a direct impact on the security posture of AI-powered healthcare products.
Responsibilities
Embed security throughout the software development lifecycle, from architecture and design reviews through deployment and monitoring
Perform application security assessments, threat modeling, and code reviews for new and existing products
Develop and maintain security tooling, automation, and guardrails to help engineers identify and remediate vulnerabilities early
Manage vulnerability detection and remediation processes across applications, APIs, cloud infrastructure, and third-party dependencies
Partner with engineering teams to improve secure coding practices and security awareness
Design and implement security controls for cloud-native environments running on AWS
Evaluate and improve authentication, authorization, secrets management, and data protection mechanisms across our products
Build and maintain security monitoring and detection capabilities for application and infrastructure environments
Conduct security testing, including static analysis, dynamic analysis, dependency scanning, and penetration testing coordination
Support customer security reviews and audits by providing technical expertise related to product and application security
Help define security standards and best practices for the development and deployment of AI-powered systems
Qualifications
4+ years of experience in Application Security, Product Security, Security Engineering, or Software Engineering with a strong security focus
Strong understanding of common application security vulnerabilities and secure coding principles, including OWASP Top 10 risks
Experience conducting threat modeling, security reviews, and vulnerability assessments for web applications and APIs
Familiarity with modern application security tooling, including SAST, DAST, dependency scanning, container scanning, and CI/CD security controls
Experience securing cloud-native applications running on AWS
Proficiency in at least one modern programming language such as Python, Go, Java, TypeScript, or similar
Experience working closely with engineering teams to drive remediation and improve security posture
Understanding of authentication, authorization, cryptography, and secure system design principles
Experience operating in regulated environments such as healthcare, fintech, or enterprise SaaS is a plus
Familiarity with AI/ML systems and emerging security considerations around LLMs, agents, and model-integrated applications is a plus
Ability to balance security, engineering velocity, and business priorities in a collaborative startup environment