Security Engineer, AppSec

About Us 

At SimplePractice, our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed, helps them manage their business and practice once they’re up and running, and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start, grow, and maintain a successful private practice.

The Role

SimplePractice is seeking a versatile and experienced Security Engineer to join our growing security team. This role is pivotal in safeguarding our AWS-hosted healthcare SaaS platform, ensuring the confidentiality, integrity, and availability of sensitive health data. The ideal candidate will possess a strong background in cybersecurity, secure software development, and cloud-native security practices, contributing to our mission of delivering secure and reliable healthcare solutions.​

Responsibilities 

• Security Architecture & Collaboration
  
  • Collaborate with the cloud security engineer and infrastructure team to assess and enhance the security posture of our AWS environment, focusing on IAM policies, network configurations, and service deployments
  • Contribute to the implementation and management of Infrastructure as Code (IaC) security measures to ensure consistent and secure infrastructure provisioning
  • Assist in monitoring and responding to security events, collaborating with DevOps and IT teams to address potential threats promptly.
• Application Security & Secure SDLC
  
  • Conduct comprehensive security assessments, including static and dynamic code analyses, to identify and remediate vulnerabilities in our applications
  • Collaborate with development teams to integrate security best practices throughout the software development lifecycle (SDLC), emphasizing secure coding standards and threat modeling
  • Develop and maintain security tools and automation scripts to enhance our CI/CD pipelines, ensuring continuous security validation.
• Incident Response & Threat Management
  
  • Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
  • Participate in the development and refinement of incident response plans and playbooks
  • Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.
• Compliance & Risk Management
  
  • Ensure adherence to healthcare industry regulations and standards, such as HIPAA, HITRUST, and PCI, by implementing appropriate security controls and conducting regular audits
• Security Monitoring & Reporting
  • Generate regular reports on security metrics, incidents, and compliance status for management review
    Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.
• Third-Party Risk Management
  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors
  • Participate in risk assessments and contribute to the development of policies and procedures to manage and mitigate security risks.

Desired Skills & Experience

• Bachelor’s degree in Computer Science, Information Security, or a related field
• Minimum of 5 years of experience in cybersecurity roles, with a focus on application security, infrastructure security, or cloud security within cloud-based environments
• Proficiency in scripting and programming languages such as Python, Go, or JavaScript
• Experience with security tools and frameworks, including but not limited to Burp Suite, OWASP ZAP, Metasploit, and Nmap
• Strong understanding of AWS services and security features, as well as Infrastructure as Code (IaC) tools like Terraform or CloudFormation
• Familiarity with CI/CD processes and integrating security testing into development pipelines
• Excellent analytical and problem-solving abilities.
• Strong communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
• Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment

Bonus Points 

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or AWS Certified Security – Specialty are highly desirable

Base Compensation Range

$120,000 - $160,000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we’ll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

Benefits

We offer a competitive benefits program including:

• Medical, dental, vision, life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Tuition reimbursement
• Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (“SimplePractice” or “us” or “we” or “our”). Please note that when you submit your resume or application materials to us for employment purposes, you are subject to the SimplePractice California Job Applicant Privacy Notice. 

For more information about our privacy practices, please contact us at [email protected].