Lead Application Security Engineer

ModMed is hiring a Lead Application Security Engineer to champion the security of our applications across the organization. This role will be responsible for implementing, managing, and maturing our application security program, with a focus on rolling out Snyk for Static Application Security Testing (SAST) and Software Composition Analysis (SCA) across all teams.This is an exciting and high impact opportunity within a fast-paced Healthcare IT company that is truly Modernizing Medicine!

Your Role:

• Implement and Scale Application Security: Lead the organization-wide implementation of Snyk, ensuring that SAST and SCA processes are integrated seamlessly into the development lifecycle.
• Security Architecture and Design: Collaborate with engineering and product teams to design secure applications, enforce secure coding practices, and conduct architecture reviews.
• Threat Modeling and Risk Assessment: Conduct threat modeling sessions and security risk assessments to identify potential vulnerabilities early in the development process.
• Code Review and Vulnerability Remediation: Oversee regular code reviews focused on security and assist teams in remediating vulnerabilities identified in SAST, SCA, and manual code analysis.
• Security Standards and Policies: Establish and promote application security standards, guidelines, and policies to support secure development practices.
• Incident Response Support: Assist with application-related security incidents, providing expertise in forensics, root cause analysis, and post-incident remediation.
• Mentor and Guide Teams: Act as a security leader and mentor within the organization, providing guidance on secure development practices, and fostering a security-first mindset.
• Continuous Improvement: Continuously monitor, assess, and improve application security processes, tooling, and controls to stay ahead of emerging threats.

Skills & Requirements:

• Bachelor’s degree in Computer Science, Information Systems, or equivalent.
• 7+ years of relevant experience in application security or a related field.
• Experience with Snyk or similar SAST/SCA tools and the ability to lead an organization-wide rollout.
• In-depth understanding of secure coding practices, OWASP Top Ten, and application security frameworks.
• Strong knowledge of cloud security (AWS preferred) and familiarity with securing microservices and containerized applications (e.g., Docker, Kubernetes).
• Solid programming skills for secure code analysis (e.g., Python, Java, JavaScript).
• Excellent problem-solving and communication skills with the ability to collaborate effectively with cross-functional teams.
• Strong organizational leadership and mentoring skills, with a commitment to continuous learning and development.