Associate Application Security Engineer

<div class="notion-selectable notion-text-block" data-block-id="356a68c4-8bc6-8091-a16f-e6e745b4125e"> <div> <div> <div>&nbsp;</div> </div> </div> </div> <div class="notion-selectable notion-text-block" data-block-id="356a68c4-8bc6-8060-97d4-e074b5341a8a"> <div> <div> <div> <div class="x78zum5">Elation Health is a clinical-first technology company dedicated to strengthening primary care.<br>We build tools that help physicians and clinicians deliver exceptional, high-quality care. Our<br>platform powers physician practices, health systems, and other care organizations that manage<br>sensitive data and depend on Elation as a critical part of their clinical workflow.</div> <div class="x78zum5"><br>As we continue to grow, we are investing in application security to help keep our web<br>applications, APIs, and patient-facing experiences secure by design.</div> <div class="x78zum5"><br>If you're excited about securing tools that help doctors and patients — and you enjoy making the<br>secure path the easiest path for engineers — we want to hear from you, even if you don't check<br>every box below!</div> <div class="x78zum5"> <p><strong>What you'll do in your first 60 days:</strong></p> <ul> <li>Assist with secure design and implementation reviews for new and existing features&nbsp;across web applications, APIs, and backend services.</li> <li>Monitor, triage, and help remediate findings from security tooling.</li> <li>Get familiar with our security technologies and processes</li> <li>Work with feature teams to understand exploitability, prioritize fixes, and track closure of&nbsp;vulnerabilities in alignment with internal SLAs.</li> <li>Implement an enterprise security control and configure it for long-term observability.</li> </ul> <p><strong>Success at 6-12 months looks like:</strong></p> <ul> <li>You're assisting in applying key application security processes</li> <li>You're helping shape technical direction for secure, AI-native, product-critical services&nbsp;handling sensitive data</li> <li>You're supporting evidence collection for compliance audits</li> <li>You've built strong partnerships with product, support, infrastructure, and IT to help&nbsp;identify and triage vulnerabilities and quickly resolve issues</li> <li>The security improvements you've implemented are measurably reducing risk</li> <li>You’re independently reviewing and triaging security alerts</li> </ul> <strong>How we work: </strong>As a member of the team, you'll contribute to the development of secure patterns<br>and tooling by identifying, triaging, and tracking vulnerabilities, while also independently<br>reviewing security alerts and supporting our incident response process to ensure security events<br>are resolved quickly and safely.</div> <div class="x78zum5"> <p><strong>WHAT WE'RE LOOKING FOR</strong></p> <p><strong>Essential:</strong></p> <ul> <li>Experience securing web applications and APIs, including a strong grasp of common&nbsp;vulnerabilities (e.g., OWASP Top 10) and practical mitigations</li> <li>Hands-on experience with application security tooling (e.g., SAST, SCA, DAST,&nbsp;IaC/container scanning) and/or observability for security-relevant signals</li> <li>Ability to communicate complex security and technical problems clearly to both&nbsp;technical and non-technical audiences</li> <li>Exposure with secure SDLC practices such as threat modeling, security-focused design&nbsp;reviews, and vulnerability management</li> <li>Track record of delivering high-quality, pragmatic security outcomes in collaboration&nbsp;with product and engineering teams</li> <li>Enthusiasm and interest in technology in general and securing systems</li> </ul> <p><em><strong>Valued but not required:</strong></em></p> <ul> <li>Exposure to building or securing systems with AI/LLMs (e.g., OpenAI, Anthropic)</li> <li>Familiarity with OAuth2/OIDC, SSO, secure API design, and multi-tenant SaaS&nbsp;architectures.</li> <li>Experience with coding languages such as Python and JavaScript</li> <li>Hands-on experience with security monitoring tooling (e.g., SIEM, IPS, WAF, SASE,&nbsp;Network Vulnerability Scanning) and/or observability for security-relevant signals</li> <li>Exposure with secure SDLC practices such as threat modeling, security-focused design&nbsp;reviews, and vulnerability management</li> <li>Knowledge of US healthcare industry, PHI/PII protection, and health tech</li> </ul> <strong>EVERYONE IS WELCOME</strong></div> <div class="x78zum5"><br>We're committed to building a diverse and inclusive engineering and security team. Please don't<br>see everything in this post as a “must have” — if you're excited about this role but don't check<br>every box, we still want to hear from you.</div> <div class="x78zum5"><br>We especially encourage applications from women, people of color, the LGBTQ+ community,<br>people with disabilities, neurodivergent people, parents, carers and people from lower socio-<br>economic backgrounds. If you have any requirements or accommodations that would help you<br>interview or work comfortably, please let us know.</div> <div class="x78zum5"><br>Our engineering team is fully remote and brings diverse backgrounds and experiences. This role<br>is open to candidates in the US, Canada, and New Zealand.</div> <div class="x78zum5">&nbsp;</div> <div class="x78zum5"><strong>Salary: $80,000 - 100,000k/yr USD</strong></div> </div> </div> </div> </div> <div class="notion-selectable notion-text-block" data-block-id="356a68c4-8bc6-8009-b032-daf24abe0b64"> <div> <div> <div>&nbsp;</div> </div> </div> </div> <hr> <p>Elation welcomes individuals from all backgrounds and walks of life. Elation is proud to be an Equal Opportunity Employer and is dedicated to creating and maintaining a diverse and inclusive work environment.</p> <p>We are committed to equal opportunity for all employees and applicants, and value individuals with diverse perspectives including, but not limited to: race, color, religion, sex, sexual orientation, socioeconomic status, age, gender identity or gender expression, national origin, disability or veteran status.</p> <p>Elation also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. We firmly believe a strong culture that supports a diverse and inclusive workforce allows us to achieve Elation’s mission of helping independent primary care thrive.</p>