At One Medical we are passionate about revolutionizing the primary care industry by offering a new approach to primary care. We combine people-centered design, technology, and a team of talented health care providers to give our members an amazing experience.
One Medical is the fastest-growing primary care system in the country with over 70 locations nationwide in Boston, Seattle, Chicago, Los Angeles, New York, Phoenix, the San Francisco Bay Area, and Washington, DC.
If you like to break apps and you know what it takes to secure apps, then our Application Security Engineer role is for you. Application security engineers work on a team that identifies threats and risks, vulnerabilities and attack vectors, and works with engineering to develop ways to mitigate and prevent. This is very much a product security role, where you have the opportunity to take ownership in the overall direction of the security of our products, including cloud and mobile apps.
This role is on the front lines of securing hundreds of thousands of people’s healthcare and personal information. It is not just about finding and fixing vulns; it is very much revolutionizing the security of healthcare. Bring your technical chops to a really good cause.
What you'll work on:
In general, break applications and find ways to prevent them from being broken.
Hands-on security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, and internal applications.
Threat modeling product features and production environments.
Security partnership with product development and engineering teams.
Product security guidance and architecture oversight, design reviews, and security feature roadmap collaboration.
Security research, presentations, publications, and security industry collaboration.
You'll be set up for success if you have:
Application security experience (product security) with hands-on app breaking, finding vulnerabilities, and working with devs to mitigate vulnerabilities.
Experience with OS level vulnerabilities and DB level vulnerabilities
Relevant working experience with Unix/Linux and multiple DBs including MySQL, PostgreSQL, Mongo, Redis, etc.
Knowledge of real world, applied crypto techniques
Experience with scripting, shells, automation
B.S. / M.S. in Computer Science, Electrical Engineering or related experience.
Bonus points if you have:
Penetration and/or Red Teaming testing experience
Production network security experience
CI and automation experience
Benefits designed to aid your health and wellness:
Taking care of you today
Paid sabbatical after 5 and 10 years
Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
Competitive Medical, Dental and Vision plans
Free One Medical memberships for yourself, your friends and family
Pre-Tax commuter benefits
PTO cash outs - Option to cash out up to 40 accrued hours per year
Protecting your future for you and your family
Credit towards emergency childcare
Company paid maternity and paternity leave
Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance
This is a full-time role based in San Francisco, CA.
One Medical is an equal opportunity employer and encourages all applicants from every background and life experience.