Spring Health

Application Security Engineer

United States (Remote)

Spring Health is a comprehensive mental health solution for employers and health plans. Unlike any other solution, we use clinically validated technology called Precision Mental Healthcare to pinpoint and deliver exactly what will work for each person — whether that’s meditation, coaching, therapy, medication, and beyond.
Today, Spring Health equips over 800 companies, from start-ups to multinational Fortune 500 corporations, as a leading and preferred mental health service. Companies like General Mills, Guardian, Bain, and Instacart use the Spring Health platform to provide mental health services to thousands of their team members globally. We have raised over $300 million from prominent investors including Kinnevik, Tiger Global, Northzone, RRE Ventures, Rethink Impact, Work-Bench, William K Warren Foundation, SemperVirens, Able Partners, True Capital Ventures, and a strategic investor, Guardian Life Insurance. Thanks to their partnership, our current valuation has reached $2 billion.
We are looking for an Application Security Engineer to be part of our Security Operations & Engineering (SecOps) team. SecOps is committed to proactively detecting, responding to, simulating, and identifying breach attempts and threat actors.
You will work with a team that oversees overall enterprise security systems implementation, lifecycle (S-SDLC), and support. You will help improve the company’s ability to respond to threats through technology selection, internal product development, and implementations, with a heavy emphasis on automation of manual tasks and processes. We’re looking for security engineers who can work collaboratively with our security, product, infrastructure architecture and engineering teams to implement secure solutions.

What You'll Be Doing

  • Improve security throughout the systems/solutions selection, implementation, operation, and full lifecycle of the service.
  • Create detailed process management workflows to ensure security engineering activities are tracked, processes are reviewed, policies are followed, and audit requirements are met.
  • Assist peer teams in securing applications, business software and services, and infrastructure.
  • Participate in new solution requirements gathering and design development.
  • Assist with development, review, and execution of test plans to ensure effectiveness of security controls.
  • Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
  • Assist with the secure integration of cloud applications and infrastructure.
  • Develop and maintain technical support/knowledge base.
  • Develop Service Level Agreements to set expectations and measure performance.
  • Be a member of the Incident Response Team.
  • Other duties as assigned. Management reserves the right to assign or reassign duties and responsibilities at any time.

What We Expect From You

  • You are a dedicated, highly organized and motivated person who is passionate about technology and security.
  • You are inquisitive, have a can-do attitude and a remarkable positive track record for figuring things out and getting things done.
  • You work well within a team but also individually and with little direction.
  • You can communicate effectively in both written and oral forms to technical and non-technical audiences.
  • You can work under deadlines in a fast-paced environment.
  • Experience implementing controls against various frameworks such as NIST CSF, HIPAA, HITRUST, ISO-27001 and SOC-2.
  • Strong hands-on working knowledge of modern web application architecture and how to secure it (OWASP, SANS Top 25).
  • Experience securing CI/CD pipelines, enabling strong security controls through the implementation of commercial and custom-built tooling.
  • Experience performing code audits on internal and open source libraries for inclusion in our products.
  • Experience with DAST, SAST, as well as manual testing techniques.
  • Experience with IaaS cloud infrastructure, container technologies, and software-oriented architecture.
  • Experience building security tools and automation in languages such as Go, JavaScript, Python, or Ruby.
  • Bachelor’s degree in Computer Science, Engineering, MIS, or IT, or related coursework and/or equivalent work experience.
  • Minimum of 5 years of professional or technical experience in IT with a strong background in all aspects of security tools administration and incident response.

What We’d Love To See

  • Must have, within 12 months of hire, Security+, CySA+, GSEC, GCIH, CEH, GPEN, Google or Azure or AWS Cloud Security Professional/Engineer, unless alternative professional education is approved.
  • Experience with managing bug bounty programs.
  • Pentesting-focused certifications such as GPEN and OSCP.
  • 4+ years of demonstrated hands-on experience configuring and implementing multiple cloud-based security tools (e.g. SIEMs, EDR, UBA, PAM, IAM, MFA, DLP, etc.).
  • 4+ years of demonstrated hands-on experience developing, implementing, and supporting application security services consumed by product teams across cloud-based infrastructure (AWS, Azure, Google Cloud).

Don’t meet every single requirement? Studies have shown that women, communities of color and historically underrepresented talent are less likely to apply to jobs unless they meet every single qualification. At Spring Health we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles!

Benefits Of Working At Spring Health

Focus on total health including:

  • Generous medical, dental, vision coverage available day 1 + access to One Medical
  • Access to 12 free total visits to our entire network of therapists, medication management providers, and coaches! This renews on January 1st each year and applies to your dependents as well
  • Unlimited paid time off in addition to 12 paid holidays throughout the year
  • 16-18 weeks paid parental leave
  • $500 per year Wellness Reimbursement

Creating a Culture You Can Thrive In

  • Flexible remote and hybrid work arrangements: 60% of Spring Health team members work fully remote while 40% work in a hybrid model from our New York City offices
  • Calm Fridays to encourage meeting & distraction free days
  • Donation matching to support your favorite causes
  • Dedicated employee resource groups

Supporting You Financially Through

  • Our People team benchmarks all salaries to ensure all team members are paid competitively. On top of a competitive salary, Spring Health offers stock options that begin vesting one year into your role at the company
  • Employer sponsored 401(k) match of up to 2%

© 2022 P2PSEC. All rights reserved.