Application Security Engineer
Fully Remote
Job Type
Full-time
Description

  

About Us:    

On a mission to deliver affordable, delightful healthcare for all, First Stop Health provides connected, whole-person virtual care to employers 24/7 through app, website, or phone in all 50 states. First Stop Health prioritizes an engaging and easy-to-use experience, setting people on healthier journeys through care at multiple stages.


First Stop Health offers a comprehensive benefits package that includes various health and medical coverage options, dental and vision coverage, and disability and life coverage, making healthcare easily accessible. For those who choose to waive medical coverage, a monthly medical waiver allowance will be provided.


First Stop Health offers a remote-first work environment and flexible paid time off, including Summer Fridays. Furthermore, the employer match 401k plan and monthly phone stipend demonstrate the company's commitment to employee financial well-being. The First Stop Health membership benefit is another added perk for employees and provides our virtual care solutions -- Urgent Care, Mental Health, and Primary Care -- from their very first day!



Job Description:     

We are seeking an Application Security Engineer to be responsible for designing, implementing, and maintaining application security practices across the organization. This role partners closely with engineering, DevOps, and the broader Information Security team to embed security into the software development lifecycle (SDLC) and ensure applications are resilient against evolving threats. 

This position requires a deep understanding of application security architecture and design principles, the ability to perform advanced security assessments, and the skill to communicate complex security risks clearly to both technical and non-technical audiences.



Responsibilities:    

Application Security Architecture & Design 

  • Apply deep knowledge of application security architecture and design principles, including frameworks such as OWASP SAMM, to influence secure system design. 
  • Review application architectures to identify security risks and recommend appropriate controls and mitigation strategies. 
  • Design and implement secure coding standards, guidelines, and patterns aligned with industry best practices. 

Secure Development Lifecycle (SDLC) 

  • Lead and support the implementation of a secure SDLC, integrating security controls into design, development, testing, and deployment processes. 
  • Partner with engineering leadership to embed security requirements and checkpoints into CI/CD pipelines. 
  • Ensure security requirements are consistently applied across cloud, web, mobile, and API-based applications. 

Threat Modeling & Risk Assessment 

  • Perform and facilitate threat modeling exercises with development teams to identify potential attack vectors and prioritize risks. 
  • Conduct risk assessments and provide actionable guidance to reduce application-level security risk. 
  • Communicate risk findings clearly, balancing technical detail with business impact. 

Security Testing & Assessments 

  • Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing. 
  • Perform and oversee code reviews to identify security vulnerabilities and design flaws. 
  • Lead and coordinate penetration testing engagements, including scoping, execution, remediation validation, and reporting. 

Advisory & Enablement 

  • Serve as a trusted security advisor to development teams, providing expert guidance on secure design, implementation, and remediation. 
  • Develop and deliver security training and awareness content for developers and technical stakeholders. 
  • Contribute to security documentation, standards, and internal knowledge bases. 

Threat Intelligence & Continuous Improvement 

  • Monitor relevant threat intelligence sources related to application and software supply chain risks. 
  • Analyze emerging threats and vulnerabilities and communicate relevant findings to the Information Security team and other stakeholders. 
  • Recommend enhancements to application security controls and practices based on evolving threats and industry trends. 



Requirements:    

Education: 

  • Preferred: Bachelor’s degree or equivalent practical experience
  • Preferred: Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP), etc.

Experience: 

  • 5 - 8 years in information security, IT, or related technical roles 

Skills: 

  • Strong understanding of application security architecture, design principles, and secure coding practices. 
  • Experience securing CI/CD pipelines and DevOps workflows. 
  • In-depth knowledge of security best practices and industry standards (e.g., OWASP Top 10, CWE, NIST, ISO-aligned controls). 
  • Experience implementing and operating a secure SDLC in modern development environments. 
  • Ability to conduct complex security assessments, including manual code reviews and architecture analysis. 
  • Experience leading security assessments and penetration testing engagements. 
  • Working knowledge of threat modeling methodologies and risk assessment techniques. 
  • Ability to clearly and effectively communicate complex security concepts to developers, engineers, leadership, and other stakeholders. 
  • Strong knowledge of security principles and technologies (e.g., encryption, authentication, firewalls, IDS/IPS, incident response, EDR, etc.). 
  • Hands-on experience with SAST, DAST, SCA technologies such as Snyk, GitHub Advanced Security, etc. 
  • Familiarity with cloud platforms (AWS, Azure, or GCP) and associated security features and configurations. 
  • Understanding of regulatory standards (GDPR, HIPAA, PCI-DSS, ISO 27001) and how they impact operations.
  • Strong analytical and problem-solving skills; able to identify risks and propose effective mitigations. 
  • Excellent communication and collaboration skills.


First Stop Health is committed to diversity, equity, inclusion, and belonging. Research shows that women, people of color and other historically underrepresented groups tend to only apply to jobs in which they meet all the job requirements. Unsure if you check every box? Apply. We would love to consider your unique experiences and how you could make First Stop Health even better.


To learn more about First Stop Health, visit www.fshealth.com. If you require any assistance during the application process or have questions, please don't hesitate to contact our talent acquisition team via email at careers@fshealth.com.