Application Security Engineer

Cedar has built a category defining platform that combines data science and machine learning to connect patients with healthcare providers in a way that helps solve the critical challenges of patient billing and payment. Our technologies improve the overall experience of patient billing and engagement, enabling patients to help manage the cost and payment of their care while ensuring providers can thrive in a rapidly changing environment. Patients, providers, and payors put their trust in Cedar's platform, making security and availability an integral part of what we do.

As an Application Security Engineer, you will help expand the application security program, working across the whole product lifecycle: from input on architecture through the release process as well as ongoing assessment, triage and remediation of application vulnerabilities. As a fast-growing startup, security cannot be reactive, and so you will partner closely with our engineering teams and be hands-on with our codebase: helping teams design and implement services that are secure by default, building tools and automation where necessary so that releasing secure software is the easy and obvious path for the rest of our maker community. 

Security is not a field with a clear career path – so even if these qualifications and levels don't fit your security background perfectly, we'd still encourage you to apply.

Responsibilities

• Partner with our engineering teams across the SSDLC, evangelizing security
• Threat model projects, bake security into designs, and review code and implementations
• Support and execute assessment activities, and collaborate cross-functionally to resolve vulnerabilities (and kill bug classes)
• Contribute to security automation projects, such as static analysis, vulnerability management, and asset inventory 
• Develop security primitives that provide guardrails for our engineers

Required skills & experience

• 3+ years in technical security roles
• Proficient in a few general purpose programming languages (ideally Python & Javascript)
• Experience with threat modeling or security architecture reviews
• Experience performing code audits on internal and open source libraries
• Familiarity with security best practices and controls across the stack, with expertise in application security
• Experience developing high-signal, low-noise security automation
• Comfort communicating security risks and controls to technical and non-technical stakeholders

Desired skills

• A record of participation in the open-source and security communities
• Familiarity with HIPAA, PCI and the unique considerations around health and payments data
• Experience with vulnerability and threat management activities generally, including bug bounty and external assessment programs

What do we offer to the ideal candidate?

• An opportunity to work on a platform that is scaling very rapidly, engaging with millions of patients per year and growing at a rate of 360% YoY as of January 2021
• A chance to join a high-growth company at an early stage
• The ability to impact the growth of our company, we value all comments and suggestions!
• Openness across teams and interaction with multiple departments
• Competitive pay, employer-paid healthcare, stock options

Applicants must be currently authorized to work in the United States on a full-time basis. Cedar will not hire any applicants for the role who are present in the United States on an F-1 visa. Cedar is not an E-Verify employer and cannot employ individuals on a STEM OPT extension.