Principal Application Security Engineer
Posted on 8/3/2023

1,001-5,000 employees

Online marketplace for finding and booking healthcare appointments
Company Overview
Zocdoc is a leading healthcare tech company that prioritizes patient empowerment, offering a seamless online platform for finding in-network doctors, booking appointments, and accessing reviews. The company's competitive edge lies in its user-friendly interface, comprehensive services, and commitment to personalized care, as evidenced by their doctors' attentive approach to patient history and preventative plans. With its robust online presence across the United States, Zocdoc is redefining the healthcare experience by making it more accessible and patient-centered.

Company Stage

Later Stage VC

Total Funding





New York, New York

Growth & Insights

6 month growth


1 year growth


2 year growth

New York, NY, USA
Experience Level
Desired Skills
IT & Security
Software Engineering
  • Deeply passionate about security best practices, software development, and mastering new technology
  • Excited to partner with software engineers on tech designs and code reviews with an eye for improving security
  • Experienced giving risk and technical advice on building web applications that result in hardened services that still allow for a great user experience
  • Not afraid of driving infosec initiatives on your own or being a leader on bigger projects
  • Organized, and can manage multiple threads working with our Infosec, Compliance, Infrastructure, and Product teams
  • Motivated by building secure products that make healthcare more accessible and safer for patients
  • Experience securing and building web and mobile based B2C and/or B2B software products
  • Managed vulnerability detection and resolution processes, with experience with automated code analysis tools and reporting out to a larger technology team
  • Worked with development teams to provide specific recommendations on how to fix and prioritize vulnerabilities and are subject matter expert on secure design, common vulnerabilities and attack vectors (e.g. OWASP, SANS), and secure coding practices
  • A fundamental understanding of security frameworks like NIST CSF
  • Experience working with AWS or other cloud environments
  • Proficiency with at least one (1) common programming languages such as C#, Scala, Java, Python, Javascript, etc. and practiced code reviewer
  • Strong investigative skills, including expertise of SQL to conduct analysis
  • 8+ years of total engineering experience, with 4+ years in a Security Engineering role
  • Assessing Zocdoc's application threat landscape through architecture reviews, code analysis, threat modeling, and data investigations
  • Reviewing changes to our production environments and helping engineers design and build more secure products
  • Closely partnering with our infosec and compliance teams to create long lasting processes and security controls with industry best practices
  • Evaluating and operationalizing security and threat scanning tools by integrating with our development environments and build pipelines
  • Prioritizing and reporting the outcomes of vulnerability scans and penetration testing, and proposing appropriate remediation or mitigation controls
  • Engaging with vendors who support our application security efforts, including researching new vendor solutions, managing vendor performance during projects, and ensuring work product from our suppliers is reviewed and incorporated into our workflow (e.g. pentesting results are ticketed for follow-up)
  • Helping with HITRUST and SOC audits by coordinating with other teams, implementing controls, and gathering evidence
Desired Qualifications
  • CISSP and OSCP are