Description:

DoseSpot is a PE-backed start-up and a leader in the electronic prescribing software market, with its subsidiary pVerify providing an industry-leading insurance verification solution.
The company is experiencing hyper-growth at the intersection of software and healthcare, aiming to improve the healthcare experience for patients and doctors.
The Application Security Engineer will play a critical role in strengthening security within the Software Development Lifecycle.
This position involves building security control testing at scale while balancing risk reduction and adopting threat modeling in internal processes.
The role welcomes applicants from all U.S. time zones, with a preference for those in Central or Mountain time zones.
Responsibilities include collaborating with development and product teams, conducting threat modeling sessions, partnering with DevSecOps, evaluating and managing AppSec tools, building automated vulnerability management workflows, leading manual penetration testing, participating in secure code reviews, and ensuring compliance with industry regulations.

Requirements:

A Bachelor’s degree in computer science, Information Technology, or a related field is required.
Candidates should have 3-5 years of experience in application security.
A strong understanding of security principles and best practices for securing end-to-end customer experience is necessary.
A foundation in software engineering with the ability to read/write code in languages such as React, JS, Python, and Powershell is essential.
Familiarity with threat modeling paradigms like STRIDE or STRIPED is required.
Experience with cloud-based hosting providers such as AWS, GCP, or Microsoft Azure is needed.
Prior experience in web security, secure coding, software development, cryptography, and system design is expected.
A track record of delivering measurable improvements in application security concepts and tooling is important.
Strong communication skills and the ability to influence engineering decisions through data and collaboration are necessary.
Demonstrated ability to independently apply a broad range of theories, concepts, principles, and methodologies to complex application security projects is required.

The position offers a remote work environment with a flexible work schedule to promote work-life balance.
Employees will have the opportunity to attend an annual company offsite.
A generous leave package is provided, including a flexible time off policy, 13 paid holidays, paid sick leave, and paid parental leave.
Medical, dental, and vision insurance is available for employees and their families, along with a company-funded FSA & HSA depending on the chosen medical plan.
A 401(k) company match is offered to help employees save for retirement.
A one-time workspace reimbursement is provided to assist in optimizing the remote workspace.