The Staff Application Security Engineer at Kyruus Health will lead application security strategy, conduct risk assessments, and mentor team members while ensuring compliance with security standards.
At Kyruus Health, our mission is to connect people to the right care, in pursuit of our vision: a better healthcare system, one that's transparent and accessible, where everyone gets the care they need. Our values are at the heart of everything we do:
We care deeply – We do the right thing even if it’s the harder thing.
We are fiercely driven – We harness our curiosity to pursue continuous improvement and create simple solutions to complex problems.
We lead with respect – We celebrate the individual traits that make each of us unique and seek out different voices to listen and learn.
We are accountable – We do what we promise for each other and our customers.
Here’s what that would mean for you in the Staff Application Security Engineer role.
Care: You care about our patients, our customers, our employees and our company. You want to do everything you can to keep them and their data safe.
Driven: You want to build the best Information Security program possible.
Respect: You respect the other departments at Kyruus Health. Security should be an enabler of their success.
Accountable: You value our compliance certifications and look to improve with each assessment cycle.
What you will do in a Staff Application Security Engineer role at Kyruus Health:
- Application Security Strategy: Lead and champion the Kyruus Health strategy for Application Security as it relates to our product portfolio for Payers, Providers, and Medical Groups.
- Leadership & Influence: Act as the internal expert, leading key outcomes and solutions within application security. You'll effectively communicate with and influence senior stakeholders and all organizational levels, providing expert guidance on complex application security challenges. You'll also influence and drive security initiatives across the organization, contributing to the overall organizational security strategy.
- Application Security Architecture & Design: Leverage your deep understanding of application security architecture and design principles to design and implement secure coding standards and guidelines. You'll provide expert security guidance to development teams, ensuring security is baked in from the ground up.
- Security Assessments & Remediation: Lead complex security assessments and penetration testing engagements, performing in-depth code reviews and applying basic skills in threat modeling and risk assessment. You'll proactively monitor relevant threat intelligence and communicate critical findings to the Information Security Team and other stakeholders.
- Secure Development Lifecycle (SDLC): Drive the implementation and enhancement of our Secure SDLC, ensuring security is integrated seamlessly throughout.
- Mentorship & Training: Mentor other application security engineers, as well as software engineers, fostering a culture of continuous learning and growth. You'll also develop and deliver tailored security training and awareness programs, specifically focused on AppSec best practices, to various audiences across the organization.
- Risk Management & Communication: Effectively communicate complex security concepts, risks, and recommendations to various audiences, including senior management. You'll leverage your understanding of security governance, risk, and compliance (GRC) to ensure our applications meet rigorous security standards.
- Innovation & Best Practices: Introduce improvements based on fact-based analysis or benchmarking, leading to higher levels of performance. You'll demonstrate in-depth knowledge of security best practices and industry standards, consistently challenging the status quo to accelerate disruption and foster an environment where innovation and calculated risks are encouraged.
- Independent Judgment & Ownership: Exercise independent judgment in methods and techniques, creating formal networks for cross-group coordination. You'll positively and productively own failures, displaying ownership for others to witness, and prioritize and deliver on commitments efficiently to build trust with stakeholders.
- Adaptability & Resilience: React quickly, synthesize diverse feedback, and align relevant stakeholders to urgent, ever-changing priorities. You'll exhibit mental fortitude and grit, maintaining passion, perseverance, and consistency when facing adversity and difficult challenges.
- You’ll report to the Senior Director, Information Security in the Information Security Department within the Engineering & Technology Division.
How You Can Grow
- Kyruus Health will bring you through an onboarding process that is both structured and self-guided, designed to enable connection and productivity as you learn more about our company, functions and products. Additionally, we have a culture of feedback, inclusive of our performance review process that provides you with the coaching, resources and opportunities to help you learn and grow with us.
- Kyruus Health also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and HR to explore lateral moves to other parts of the organization as you continue to grow with us.
What you will bring:
- 8+ years of experience within application security, information security
- Deep understanding of regulatory compliance standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001, and experience in leading the implementation and maintenance of compliance programs.
- Comprehensive knowledge of security principles, technologies, and best practices, including encryption, authentication, SAST, DAST, SCA, and secrets scanning.
- Knowledge of security principles, technologies, and best practices, including firewalls, web application firewalls, intrusion detection/prevention systems, and incident response.
- Understanding of security testing tools and techniques, such as vulnerability scanning, penetration testing, and secure code analysis.
- Understanding of cloud platforms (AWS, Azure, or Google Cloud) and their security features, best practices, and configurations, including hybrid and multi-cloud environments.
- Ability to provide thought leadership and strategic direction in application security, balanced with the ability to lead security assessments, penetration testing, and code reviews.
- Exceptional analytical and problem-solving skills, with the ability to identify and address complex security risks and develop innovative, comprehensive mitigation strategies.
- Strong project management skills, with the ability to plan, execute, and monitor security projects and initiatives, effectively prioritizing based on risk and business impact.
- Excellent communication and collaboration skills, enabling effective interaction with both technical and non-technical stakeholders.
- Experience in mentoring, coaching, and developing less experienced team members, building a strong team culture and fostering collaboration across the organization.
Compensation Information:
- Base Pay Range: $156,000 - $175,000/year
- Other Compensation: In addition to your salary, this position is also eligible for our annual bonus program, equity, and benefits. Salary ranges are a guideline and pay is based on a variety of factors, including qualifications, competencies, skill set, and organizational needs. Your recruiter can share more information about the salary range specific to your candidacy and other factors during the hiring process.
- Benefits: Our benefits package includes medical, dental, and vision benefits, unlimited paid time off (PTO), generous paid parental leave, a home office stipend, 401(k) program with company match, and a wellness and lifestyle program. Please refer to the company's benefits section on our career page or connect with your recruiter for full details.
Equal Opportunity Employer
Kyruus Health is dedicated to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information. We will not discriminate, in any employment decision, against any individual or group on the basis of race, color, religion, sex, gender, national origin, citizenship, age, disability, sexual orientation, genetic information, or veterans/national guard/military reserve status. This shall be done in compliance with all applicable federal, state, and local laws in every location in which Kyruus Health has facilities.
Top Skills
Authentication
AWS
Azure
DAST
Encryption
Firewalls
GDPR
GCP
HIPAA
Incident Response
Intrusion Detection/Prevention Systems
ISO 27001
PCI-DSS
Penetration Testing
SAST
SCA
Secrets Scanning
Secure Code Analysis
Vulnerability Scanning
Web Application Firewalls