Principal Application Security Engineer

Posted on 8/3/2023

INACTIVE

1,001-5,000 employees

Online marketplace for finding and booking healthcare appointments

Company Overview

Zocdoc is a leading healthcare tech company that prioritizes patient empowerment, offering a seamless online platform for finding in-network doctors, booking appointments, and accessing reviews. The company's competitive edge lies in its user-friendly interface, comprehensive services, and commitment to personalized care, as evidenced by their doctors' attentive approach to patient history and preventative plans. With its robust online presence across the United States, Zocdoc is redefining the healthcare experience by making it more accessible and patient-centered.

Company Stage

Later Stage VC

Total Funding

$426.8M

Founded

2007

Headquarters

New York, New York

Growth & Insights

Headcount

6 month growth

↓ -3%

1 year growth

↑ 1%

2 year growth

↑ 44%

Locations

New York, NY, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

JavaScript

Java

Scala

SQL

Python

CategoriesNew

IT & Security

Software Engineering

Requirements

Deeply passionate about security best practices, software development, and mastering new technology
Excited to partner with software engineers on tech designs and code reviews with an eye for improving security
Experienced giving risk and technical advice on building web applications that result in hardened services that still allow for a great user experience
Not afraid of driving infosec initiatives on your own or being a leader on bigger projects
Organized, and can manage multiple threads working with our Infosec, Compliance, Infrastructure, and Product teams
Motivated by building secure products that make healthcare more accessible and safer for patients
Experience securing and building web and mobile based B2C and/or B2B software products
Managed vulnerability detection and resolution processes, with experience with automated code analysis tools and reporting out to a larger technology team
Worked with development teams to provide specific recommendations on how to fix and prioritize vulnerabilities and are subject matter expert on secure design, common vulnerabilities and attack vectors (e.g. OWASP, SANS), and secure coding practices
A fundamental understanding of security frameworks like NIST CSF
Experience working with AWS or other cloud environments
Proficiency with at least one (1) common programming languages such as C#, Scala, Java, Python, Javascript, etc. and practiced code reviewer
Strong investigative skills, including expertise of SQL to conduct analysis
8+ years of total engineering experience, with 4+ years in a Security Engineering role

Responsibilities

Assessing Zocdoc's application threat landscape through architecture reviews, code analysis, threat modeling, and data investigations
Reviewing changes to our production environments and helping engineers design and build more secure products
Closely partnering with our infosec and compliance teams to create long lasting processes and security controls with industry best practices
Evaluating and operationalizing security and threat scanning tools by integrating with our development environments and build pipelines
Prioritizing and reporting the outcomes of vulnerability scans and penetration testing, and proposing appropriate remediation or mitigation controls
Engaging with vendors who support our application security efforts, including researching new vendor solutions, managing vendor performance during projects, and ensuring work product from our suppliers is reviewed and incorporated into our workflow (e.g. pentesting results are ticketed for follow-up)
Helping with HITRUST and SOC audits by coordinating with other teams, implementing controls, and gathering evidence

Desired Qualifications

CISSP and OSCP are

Our Mission

Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit. Then wait in a room solely designed for waiting. Then wait for a surprise bill. In any other consumer industry, the companies delivering such a poor customer experience would not survive. But in healthcare, patients lack market power. Which means they are expected to accept the unacceptable.

Zocdoc’s mission is to give power to the patient. To do that, we’ve built the leading healthcare marketplace that makes it easy to find and book in-person or virtual care in all 50 states, across +200 specialties and +12k insurance plans. By giving patients the ability to see and choose, we give them power. In doing so, we can make healthcare work like every other consumer sector, where businesses compete for customers, not the other way around. In time, this will drive quality up and prices down.

We’re 15 years old and the leader in our space, but we are still just getting started. If you like solving important, complex problems alongside deeply thoughtful, driven, and collaborative teammates, read on.

Your Impact on our Mission:

Zocdoc’s most important asset is our people. Join Zocdoc as a Principal Application Security Engineer to help provide better care to patients and build a better health care experience! As a Principal Application Security Engineer you’ll play a critical role in keeping patients and healthcare providers safe and work closely on cutting edge technology. You’ll define our application security strategy and partner with security-friendly product and technology teams to incorporate security into the application development lifecycle. This is a great opportunity to anchor a growing team, work with top notch Technology and Compliance teams, and apply your hard earned skills for a great mission and impact.

You’ll enjoy this role if you are…

Deeply passionate about security best practices, software development, and mastering new technology
Excited to partner with software engineers on tech designs and code reviews with an eye for improving security
Experienced giving risk and technical advice on building web applications that result in hardened services that still allow for a great user experience
Not afraid of driving infosec initiatives on your own or being a leader on bigger projects
Organized, and can manage multiple threads working with our Infosec, Compliance, Infrastructure, and Product teams
Motivated by building secure products that make healthcare more accessible and safer for patients

Your day to day is…

Assessing Zocdoc’s application threat landscape through architecture reviews, code analysis, threat modeling, and data investigations
Reviewing changes to our production environments and helping engineers design and build more secure products
Closely partnering with our infosec and compliance teams to create long lasting processes and security controls with industry best practices
Evaluating and operationalizing security and threat scanning tools by integrating with our development environments and build pipelines
Prioritizing and reporting the outcomes of vulnerability scans and penetration testing, and proposing appropriate remediation or mitigation controls
Engaging with vendors who support our application security efforts, including researching new vendor solutions, managing vendor performance during projects, and ensuring work product from our suppliers is reviewed and incorporated into our workflow (e.g. pentesting results are ticketed for follow-up)
Helping with HITRUST and SOC audits by coordinating with other teams, implementing controls, and gathering evidence

You’ll be successful in this role if you have…

Experience securing and building web and mobile based B2C and/or B2B software products
Managed vulnerability detection and resolution processes, with experience with automated code analysis tools and reporting out to a larger technology team
Worked with development teams to provide specific recommendations on how to fix and prioritize vulnerabilities and are subject matter expert on secure design, common vulnerabilities and attack vectors (e.g. OWASP, SANS), and secure coding practices
A fundamental understanding of security frameworks like NIST CSF
Experience working with AWS or other cloud environments
Proficiency with at least one (1) common programming languages such as C#, Scala, Java, Python, Javascript, etc. and practiced code reviewer
Strong investigative skills, including expertise of SQL to conduct analysis
8+ years of total engineering experience, with 4+ years in a Security Engineering role.
CISSP and OSCP are bonus

Benefits:

Flexible, hybrid work environment
Unlimited PTO
100% paid employee health benefit options
Employer funded 401(k) match
L&D offerings + a free LinkedIn learning account
Corporate wellness programs with Headspace and Peloton
Sabbatical leave (for employees with 5+ years of service)
Competitive parental leave
Cell phone reimbursement
In office perks including:
- Catered lunch everyday along with snacks
- Commuter Benefits
- Convenient Soho location

Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity; your recruiter will discuss the full compensation package details.

NYC Base Salary Range

$195,000—$240,000 USD

About us
Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. Each month, millions of patients use our free service to find nearby, in-network providers, compare choices based on verified patient reviews, and instantly book in-person or video visits online. Providers participate in Zocdoc’s Marketplace to reach new patients to grow their practice, fill their last-minute openings, and deliver a better healthcare experience. Founded in 2007 with a mission to give power to the patient, our work each day in pursuit of that mission is guided by our six core values. Zocdoc is a private company backed by some of the world’s leading investors, and we believe we’re still only scratching the surface of what we plan to accomplish.

Zocdoc is a mission-driven organization dedicated to building teams as diverse as the patients and providers we aim to serve. In the spirit of one of our core values - Together, Not Alone, we are a company that prides itself on being highly collaborative, and we believe that diverse perspectives, experiences and contributors make our community and our platform better. We’re an equal opportunity employer committed to providing employees with a work environment free of discrimination and harassment. Applicants are considered for employment regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity, gender expression, sexual orientation, age, citizenship, marital or parental status, disability, veteran status, or any other class protected by applicable laws.

Job Applicant Privacy Notice