Security Engineer: App Sec Lead

Location: Remote or in-office option in San Francisco or New York

The Mission: Join us in building the core infrastructure that enables the mass delivery of clinical AI across American healthcare. Your work will directly translate into improving patient outcomes by accelerating access to treatment and massively increasing operational efficiency for healthcare workers.

What We Look for in a Great Application Security Engineer

We are looking for an application security engineer who is excited about building a program from scratch hand in hand with our amazing engineering team. If the following things excite you, you should apply!

• You see a greenfield in application security and can imagine what the end product would like and how to get us there.

• Getting your hands dirty in the code base (NodeJS/Typescript/Python), including even fixing some findings or contributing to some secure libraries, and eventually being an architect for our secure development libraries sounds like an amazing time.

• No process for things is simply an opportunity to partner with the right engineers and leaders to build security process

• Firing up your favorite pentesting tools and poking at the codebase yourself to see if you can find a vulnerability or two (hopefully no more than that)

• In the near future, turning around and helping hire the rest of the application security team at Latent as the company grows

What You'll Work On (Responsibilities)

As the first dedicated application security engineer, you will be

• Choosing the right App Sec tools for our environment to make code secure before it is shipped and working with engineering to role them out widely

• Create and mature processes around core pillars of Latent’s security program: vulnerability management, architecture reviews, pentesting, and threat modeling

• Doing code reviews and even a little bug fixing yourself (we are a startup after all)

• Helping build and POC new secure ways of writing code (validation libraries, improvements to authentication/authorization practices, encryption SDKs for developers)

• Helping re-imagine permissioning and authorization for users of the Latent platform

• Working alongside engineers to balance business requirements with the right security controls

• Creating a mature pentesting and/or bug bounty program to validate production code is being

• Bringing security checks and tooling to the places that developers work (AI-based IDEs, CI/CD, ect..)

Technical Qualifications & Environment

You should have experience creating, building, or scaling (or all three) a hands-on application security program in an organization that is cloud first.

• Primary Coding Language: Javascript (NodeJS/Typescript) and Python

• Experience doing threat modeling and architecture reviews

• Experience working with engineering and technical leadership to build security processes like vulnerability management

• Deep understanding of web and api-based security vulnerabilities (how to spot them, how to fix them, and what patterns need to be created to counter them)

• Experience architecting (and maybe even building) access management and authorization systems

• Bonus Points: You dabble in other areas of security (Cloud, IT, GRC ect..), have a little bit of knowhow in security detection and response, or have worked in a HIPAA-compliant environment.