Senior Application Security Engineer


Our mission is to serve cancer patients and our customers by dramatically improving treatment and accelerating research. Our team is building a disruptive, oncology-specific software platform that connects cancer centers across the world on a common technology infrastructure to address key healthcare challenges. Today, the Flatiron Health OncologyCloud™ platform includes the industry-leading electronic medical record for oncology, a first-of-its-kind analytics tool, patient portal, and integrated billing management. Our goal is to help cancer centers and life science companies leverage real-world oncology data at a scale and clinical depth never before seen, to advance cancer care and accelerate research.

The security team at Flatiron Health is a killer group to join. We are part of an amazing organization full of really smart people and work every day to protect against threats to a business trying to help cure cancer. We create attack driven defenses, not compliance. We are always looking for new ideas and trying to make sure the best ideas rise to the top of the heap. We focus on results and not just debate, in fact we are often architects, designers and engineers, not just advisors. We build credibility through action and results.

As a Senior Application Security Engineer you will:

  • See our architectures, read our code, break the apps, and find the problems before the bad guys do (through penetration testing, ethical hacking, etc.).
  • Build frameworks, APIs, processes, and whatever else is necessary to keep our web applications secure.
  • Stay on the leading edge of security research and make sure the company responds to new things quickly.
  • Build application security champions. Teach engineers how to code secure.
  • Own the responsibility of securing our products!

About you:

  • Have a strong foundation in and in-depth technical knowledge of application security, particularly web application security.
  • Sympathize with the complexity of being a developer and want to help make writing secure code easier.
  • Can read code like a book, and write enough code to get by. (Our stack includes python, angular, and VB.NET, although we don’t require experience with these languages).
  • Have at least 4 years of relevant work experience.
  • Have excellent interpersonal communication skills.
  • Able to deal with the ambiguity associated with working in a fast paced and changing environment; self motivated and results oriented.